To avoid tripping on unsafe inline content security policies.
Fixes Spotify media session API in Firefox for me
Needs a lot more testing. Firefox docs say "Some browsers specifically exclude blob and filesystem from source directives.", so I wonder what's that about. So far I haven't noticed any regressions but I haven't done much testing.