Firefox browser loads chatGPT.com with a content-security-policy that includes chrome-extension://iaii... http://0.0.0.0:* and http://localhost:*

We create profiles of websites for firewall rules, and we have some questions about chatgpt .com content-security-policy.

When I load chatgpt .com through Firefox, I get the following content-security-policy

Screenshot of the Firefox's developer drawer opened to the Network tab and showing the http headers of the call to chatgpt .com html document. Specifically the content-security-policy. Below the screenshot of the browser, is an image with the text from the content-security-policy broken down and with highlights.1779×3780 750 KB

I am surprised by the inclusion of some of resources like:

• http:// 0.0.0.0:*
• http:// localhost:*
• frame-ancestors chrome-extension://iaiigpefkbhgjcmcmffmfkpmhemdhdnj
• https:// docs. google .com
• https:// drive-thirdparty .googleusercontent .com

Is it unsafe to allow a connection to http :// 0.0.0.0:* and http :// localhost:* (man in the middle attacks)?

Why rely in a browser’s specific platform (i.e., chrome-extension://iaiigpefkbhgjcmcmffmfkpmhemdhdnj)?

P.S. I was disabled from posting the content-security-policy (links are not allowed), so here I shared a picture of the policy broken down by section and highlights (chatgtp has helped me pull the text from images). Also, I merged two images because I got the error that new users can post only one image

For Google Drive and third-party, the service connects with Google Drive to share files. This is an option that some people have access to enable to link to their own Google account.

Thanks for reporting the other stuff, as you are such a new user you have limited permissions on links and images, but if you are around for longer you get more permissions.