Safari extension refused to load <remote_url> because it does not appear in the frame-src directive of the Content Security Policy

Hi We have a working chrome extension(using manifest version 3) with content security policy having frame-src: <remote_urls>

"content_security_policy": {
        "extension_pages": "script-src &#039;self&#039;; child-src &#039;self&#039;; style-src &#039;self&#039; &#039;unsafe-inline&#039;; frame-src https:&#x2F;&#x2F;abc.com https:&#x2F;&#x2F;xyz.com"
    }

We converted the extension using a utility (safari-web-extension-converter) to make it work in Safari and faced the following error while testing- Refused to load: https://abc.com/h.html because it does not appear in the frame-src directive of the Content Security Policy.

Environment Details

  • macOS - 13.4
  • Safari - Version 16.5 (18615.2.9.11.4)
  • Xcode - Version 14.3 (14E222b)

Can you help us with the correct way to define the frame src directive of the content security policy in the extension?

Up vote post of mayankm Down vote post of mayankm
458 views
Posted by
mayankm
Reply
Add a Comment