I made a Safari extension that injects iframes into web pages. In doing so, I came across an error. On some web pages, I get this error message:
Refused the 'safari-extension://abcdefgh/hello.html' frame because it violates the following content security policy directive: "frame-src https: twitter:".
I assume this is because Safari extensions are subject to CSP. However, the same error is not observed with the Chrome extension when iframe.src is set to a local file packaged in the extension.
How can I solve this problem? In addition, does this need to be done only for the Content Security Policy, or for the X-Frame settings as well?