Headers not updated on cached requests
When a page is loaded from the cache (e.g. after reloading), we don't (can't?) modify the headers. That means, for instance, reloading a page after whitelisting (perhaps even after blacklisting) it won't have any effect as far as CSP blocking is concerned.
Updated by koszko about 1 year ago
There seem to be some APIs for that. The one that reloads a tab while bypassing cache seems to be the most promising:
There's also one that can flush the entire cache:
Updated by jahoti about 1 year ago
- Status changed from New to Closed
Thanks for the API suggestions! It turns out the issue was indeed the same as you worked around earlier, and a minor adjustment of conditions fixes it. However, on a related note the handling of existing CSP headers needs additional sensitivity.