If a web site provides a Content Security Policy, the extension's content scripts are affected by the web site's policies.

Fixed Issue #11076023


Tomohito Y.
Feb 25, 2017
This issue is public.
Found in
  • Microsoft Edge
Found in build #
Fixed in build #
Reported by 4 people


Steps to reproduce

If a web site provides a Content Security Policy, the extension’s content scripts are affected by the web site’s policies.

  1. Open a CSP-enabled web site (ex. https://github.com/MicrosoftEdge)
  2. Open Console in F12
  3. Switch Target “Extension: …” (Change scope to content script)
  4. Execute the JavaScript code below.

     // Create a blob: URL and request it with XHR from the content script
     var url = URL.createObjectURL(new Blob(['Hello!Konnichiwa'], {type:'text/plain'}));
     var xhr = new XMLHttpRequest();
     xhr.open('GET', url);
     xhr.onload = () => console.log(xhr.response);
     xhr.onerror = () => console.log('Error');
     xhr.send(); // send the request so that onload or onerror fires

  5. Receive a result
  • Expected(Google Chrome): Hello! Konnichiwa
  • Actual(Microsoft Edge): Error with Warning CSP14312
CSP14312: Resource violated directive 'connect-src 'self' uploads.github.com status.github.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com wss://live.github.com' in Content-Security-Policy: blob:958866E0-E4C5-452E-85A1-DB7E7E48B1FB. Resource will be blocked.
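
Why the policy quoted in the CSP14312 warning rejects the blob: URL, shown as an added example that is not part of the original report: a simplified `connect-src` matcher covering scheme-sources, `'self'` and plain host-sources. The function names and the page origin `https://github.com` are assumptions; ports, paths, wildcards and the `default-src` fallback are not modelled.

```javascript
// Added example: simplified CSP connect-src matching, not the full CSP algorithm.
// POLICY is copied from the CSP14312 warning; PAGE_ORIGIN is an assumption.
const PAGE_ORIGIN = 'https://github.com';
const POLICY = "connect-src 'self' uploads.github.com status.github.com " +
  'collector.githubapp.com api.github.com www.google-analytics.com ' +
  'github-cloud.s3.amazonaws.com wss://live.github.com';

// Return the source list of the named directive, or null if it is absent.
function sourceList(policy, name) {
  for (const directive of policy.split(';')) {
    const [head, ...sources] = directive.trim().split(/\s+/);
    if (head.toLowerCase() === name) return sources;
  }
  return null;
}

// Does one source expression allow the URL? Handles scheme-sources, 'self'
// and plain host-sources; ports, paths and wildcards are left out.
function sourceMatches(source, url, pageOrigin) {
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) {
    return url.protocol === source.toLowerCase(); // scheme-source, e.g. blob:
  }
  // blob:, data: and filesystem: URLs match only an explicit scheme-source.
  if (['blob:', 'data:', 'filesystem:'].includes(url.protocol)) return false;
  if (source === "'self'") return url.origin === pageOrigin;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)$/i.exec(source);
  if (!m) return false;
  // Simplification: a host-source without a scheme takes the page's scheme.
  const scheme = m[1] ? m[1].toLowerCase() + ':' : new URL(pageOrigin).protocol;
  return url.protocol === scheme && url.hostname === m[2].toLowerCase();
}

// True if the policy's connect-src lets the page (or, in the behaviour
// reported above, the content script) connect to target.
function connectAllowed(policy, target, pageOrigin = PAGE_ORIGIN) {
  const sources = sourceList(policy, 'connect-src');
  if (sources === null) return true; // default-src fallback not modelled
  const url = new URL(target);
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}

// The blob: URL from the warning is rejected; listing blob: would allow it.
const BLOB_URL = 'blob:958866E0-E4C5-452E-85A1-DB7E7E48B1FB';
console.log(connectAllowed(POLICY, BLOB_URL));            // false
console.log(connectAllowed(POLICY + ' blob:', BLOB_URL)); // true
```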



    Comments and activity

    • Changed Steps to Reproduce


    • Microsoft Edge Team

      Changed Assigned To to “Chee C.”

      Changed Assigned To to “Sermet I.”

      Changed Assigned To from “Sermet I.” to “Scott S.”

      Changed Status to “Confirmed”

      Changed Assigned To from “Scott S.” to “Suyang Z.”

      Changed Status from “Confirmed” to “In progress”

      Changed Status from “In progress” to “Fixed”
