Hi We have a working chrome extension(using manifest version 3) with content security policy having frame-src: <remote_urls>
"content_security_policy": {
"extension_pages": "script-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://abc.com https://xyz.com"
}
We converted the extension using a utility (safari-web-extension-converter) to make it work in Safari and faced the following error while testing- Refused to load: https://abc.com/h.html because it does not appear in the frame-src directive of the Content Security Policy.
Environment Details
- macOS - 13.4
- Safari - Version 16.5 (18615.2.9.11.4)
- Xcode - Version 14.3 (14E222b)
Can you help us with the correct way to define the frame src directive of the content security policy in the extension?