Hacker News new | past | comments | ask | show | jobs | submit login

Removing security headers like Content-Security-Policy is forbidden by the addons.mozilla.org policy.

https://extensionworkshop.com/documentation/publish/add-on-p...




I don't think this is being enforced in practice, thankfully.


It is. It happened to us a few weeks ago.


That's crazy. Did it happen to a public extension or an unlisted one?


Public, with about half a million installations.

I think it was noticed only because this version had a major bug that broke a bunch of websites.




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: