Claude in Chrome extension: CSP error blocking inline script

Resolved 💬 3 comments Opened Jan 25, 2026 by penguinmd Closed Jan 29, 2026

Description

The Claude in Chrome browser extension fails to load due to a Content Security Policy violation.

Error Message

Executing inline script violates the following Content Security Policy directive 'script-src 'self''. Either the 'unsafe-inline' keyword, a hash ('sha256-kFwyFWA0myfqRcE5y2d5UX8g0o2QFHSmCz1gWSW0xpk='), or a nonce ('nonce-...') is required to enable inline execution. The action has been blocked.

Environment

  • OS: macOS (Darwin 25.3.0)
  • Claude Code version: Using claude --chrome flag
  • Chrome: Latest version

Steps to Reproduce

  1. Install the Claude browser extension
  2. Launch Claude Code with --chrome flag
  3. Check Chrome's extension error console (chrome://extensions/ → extension details → "Errors")

Expected Behavior

The extension should load without CSP errors and connect to Claude Code.

Actual Behavior

The extension is blocked from executing due to the CSP violation, preventing connection to Claude Code.

Possible Cause

The extension appears to have an inline script that needs to be either:

  • Moved to an external file
  • Added to the CSP with the appropriate hash (sha256-kFwyFWA0myfqRcE5y2d5UX8g0o2QFHSmCz1gWSW0xpk=)
  • Use a nonce-based approach

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗