extensions can also remove/add CSPs I think, either through modifying the header... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		gruez on Jan 20, 2021 \| parent \| context \| favorite \| on: I no longer trust The Great Suspender extensions can also remove/add CSPs I think, either through modifying the header or modifying the DOM.

angry_octet on Jan 20, 2021 [–]

Yes, but you could strictly limit which extensions had that permission, make it a site specific permission, etc. Auto disabling an extension that changes to require that permission would be a start.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact