How to deal with untrustworthy third-party add-ons that could endanger your own users? Prevent them from loading – if you can. That’s what Google recently did with Gmail extensions that load code that interferes with the users’ Gmail session or malware that can compromise their email’s security.
In order to do it, Google has begun blocking Gmail extensions that don’t comply with the Content Security Policy (CSP), a specification that’s used to instruct browsers from which location and which type of resources can be loaded.
Read more about the Google’s latest spree of blocking extensions that done comply to CSP for user safety on Help Net Security.