[BUG] Chrome extension sidepanel fails to load on Chrome 145 due to inline script CSP violation
Bug Description
The Claude Chrome extension (v1.0.50) fails to initialize its side panel on Chrome 145. Chrome blocks the inline <script> in sidepanel.html with:
Executing inline script violates the following Content Security Policy directive 'script-src 'self''. Either the 'unsafe-inline' keyword, a hash ('sha256-kFwyFWA0myfqRcE5y2d5UX8g0o2QFHSmCz1gWSW0xpk='), or a nonce ('nonce-...') is required to enable inline execution.
Because the side panel JS never loads, connectNative() is never called, so the native messaging host is never launched and Claude Code reports "Extension: Not detected".
The same inline theme-init script exists in newtab.html, options.html, and pairing.html.
Steps to Reproduce
- Install Chrome 145 (currently stable)
- Install Claude extension (v1.0.50)
- Open the Claude side panel
- Observe CSP error in DevTools console for
sidepanel.html:8 - Run
/chromein Claude Code → "Extension: Not detected"
Workaround
Extract the inline script to an external file and load the extension unpacked:
- Copy the installed extension to a writable location:
``bash``
cp -r ~/.config/google-chrome/Default/Extensions/fcoeoabgfenejglbffodgkkbkcdhcgfn/<version> \
~/.claude/chrome-ext-patched
- Create
theme-init.jswith the contents of the inline script block
- In all four HTML files (
sidepanel.html,newtab.html,options.html,pairing.html), replace:
``html`
<script>
// Set initial theme mode based on system preference
(function () { ... })();
</script>
`
with:
html``
<script src="/theme-init.js"></script>
- Remove
update_urlfrommanifest.json(required for unpacked loading)
- Disable the store extension, load the patched directory as an unpacked extension
Fix
Move the inline theme-detection script in the extension's HTML files to an external .js file. The extension's own CSP already specifies script-src 'self', which allows external scripts from the extension origin but blocks inline scripts.
Environment Info
- Chrome: 145.0.7632.75 (Flatpak, but the CSP issue is not Flatpak-specific)
- Extension: 1.0.50
- Claude Code: 2.1.42
- Platform: Linux (Bazzite/Fedora 43)
Related Issues
- #15587 — Flatpak Chrome integration (separate sandbox/path issues)
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗