(From update of attachment 303318)
Overriding *all* content policies kind of scares me. This will include much more than just plain image blocking. It'll circumvent things like same-origin policies (iirc we have content policies that enfoce same-origin for images), in the future likely things like don't-load-unencrypted-resources-from-encrypted-pages.
Could you instead have the specific content policies check the new property? (and call it something like userInitiatedLoad or some such)
(From update of attachment 303318) unencrypted- resources- from-encrypted- pages.
Overriding *all* content policies kind of scares me. This will include much more than just plain image blocking. It'll circumvent things like same-origin policies (iirc we have content policies that enfoce same-origin for images), in the future likely things like don't-load-
Could you instead have the specific content policies check the new property? (and call it something like userInitiatedLoad or some such)