Claude in Chrome extension: CSP error blocking inline script
Resolved 💬 3 comments Opened Jan 25, 2026 by penguinmd Closed Jan 29, 2026
Description
The Claude in Chrome browser extension fails to load due to a Content Security Policy violation.
Error Message
Executing inline script violates the following Content Security Policy directive 'script-src 'self''. Either the 'unsafe-inline' keyword, a hash ('sha256-kFwyFWA0myfqRcE5y2d5UX8g0o2QFHSmCz1gWSW0xpk='), or a nonce ('nonce-...') is required to enable inline execution. The action has been blocked.
Environment
- OS: macOS (Darwin 25.3.0)
- Claude Code version: Using
claude --chromeflag - Chrome: Latest version
Steps to Reproduce
- Install the Claude browser extension
- Launch Claude Code with
--chromeflag - Check Chrome's extension error console (
chrome://extensions/→ extension details → "Errors")
Expected Behavior
The extension should load without CSP errors and connect to Claude Code.
Actual Behavior
The extension is blocked from executing due to the CSP violation, preventing connection to Claude Code.
Possible Cause
The extension appears to have an inline script that needs to be either:
- Moved to an external file
- Added to the CSP with the appropriate hash (
sha256-kFwyFWA0myfqRcE5y2d5UX8g0o2QFHSmCz1gWSW0xpk=) - Use a nonce-based approach
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗