d369ed2bb2
Headers that are not present in the original request but are added by two or more competing extensions are not merged, but only one of the changes is applied. Since this causes issues with privacy and security enhancing extensions trying to tighten up CSP, this introduces a special case to explicitly always merge the CSP header. Differential Revision: https://phabricator.services.mozilla.com/D63554