Would you deal with CSPs when building audio- Chrome Extensions

Question

Some background: We are a seed stage startup, we built a chrome extension that allows u to record audio messages anywhere, it gets transcribed, some ml stuff. Then u can share the link, if the other person also has the CE they can play it wherever they find the link. Of course, we also have a web app that does normal messaging app stuff. Register for testing: https://app.getvoiceline.com/6b29fbc80dQuestion: We have some problems with CSP violations. Some pages like StackOverflow don&rsquo;t even prompt the user for microphone permissions.Others, like Twitter, allow specific media sources. As long as they still allow blobs, we can work around that by sending the blob as a stringified message over the chrome messaging and rebuilding it in the DOM to then play it. Github and Gitlab are much more restrictive. IMO google should allow chrome extensions to change certain aspects of the CSPs, after all, you want to transform your browser experience with the extensions. It works well on the major co-working tools like gsuite or notion, but we would really like to bring it to more engineers and the websites they use.Did any of you deal with similar constraints before?

slettner · Accepted Answer

Another thought: would it technically be possible to place the link on any websites DOM such that other logged in users can see them? So I can e.g. make comments on places where there is no persitet text input and other users can then see them when they visit the same site

sschoen · Answer

Didn&rsquo;t fully get ur usp. Transcription is insane though! For CSP, have you checked how loom does it?