Headers not updated on cached requests
When a page is loaded from the cache (e.g. after reloading), we don't (can't?) modify the headers. That means, for instance, reloading a page after whitelisting (perhaps even after blacklisting) it won't have any effect as far as CSP blocking is concerned.
There seem to be some APIs for that. The one that reloads a tab while bypassing cache seems to be the most promising:
There's also one that can flush the entire cache:
- Status changed from New to Closed
Thanks for the API suggestions! It turns out the issue was indeed the same as you worked around earlier, and a minor adjustment of conditions fixes it. However, on a related note the handling of existing CSP headers needs additional sensitivity.