Chrome 145: CSP blocks inline scripts in sidepanel.html - extension non-functional

Resolved 💬 3 comments Opened Mar 12, 2026 by joelcosta79 Closed May 19, 2026

Description

The Claude in Chrome extension (v1.0.59) is completely non-functional on Chrome 145 (arm64/macOS). Chrome's Content Security Policy blocks the inline script in sidepanel.html, preventing the extension from loading properly.

Environment

  • Chrome version: 145.0.7632.118 (Official Build) (arm64)
  • Extension version: 1.0.59
  • OS: macOS (Apple Silicon)
  • Claude Code version: 2.1.74

Error Messages

Executing inline script violates the following Content Security Policy directive 'script-src 'self''. 
Either the 'unsafe-inline' keyword, a hash ('sha256-kFwyFWA0myfqRcE5y2d5UX8g0o2QFHSmCz1gWSW0xpk='), 
or a nonce ('nonce-...') is required to enable inline execution. The action has been blocked.
Uncaught (in promise) Error: Could not establish connection. Receiving end does not exist.

Additionally, Segment analytics scripts are also blocked:

Loading the script 'https://cdn.segment.com/next-integrations/actions/amplitude-plugins/f12a4347e1080fb88155.js' 
violates the following Content Security Policy directive: "script-src 'self'".

Steps to Reproduce

  1. Install Claude in Chrome extension (v1.0.59) on Chrome 145
  2. Connect to Claude Code via /mcp
  3. Try to create tabs or navigate — commands report success but no tabs are actually created/visible

Root Cause

The inline <script> block in sidepanel.html (line 8) that sets the initial theme mode is blocked by Chrome 145's stricter CSP enforcement. This prevents the side panel from initializing, which breaks all tab management functionality.

Suggested Fix

Move the inline script in sidepanel.html to an external .js file to comply with CSP script-src 'self' policy.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗