Is it possible to bypass CSP when injecting js in the page from a Firefox plugin?

Is it possible to bypass CSP when injecting js in the page from a Firefox
plugin?

I have a firefox plugin that used to interact with github's web app by
injeting some javascript in the page (by creating a element under the head
element, and setting its innerHTML value to the javascript to be
executed).
However, it just stopped working lately. I then saw the following warning:
Timestamp: 8/21/13 5:45:42 PM
Warning: CSP WARN: Directive inline script base restriction violated
Source File: https://github.com/login
Line: 0
Source Code:
myjscode();...
Github returns the following header:
X-Content-Security-Policy: default-src *; script-src 'self'
https://github.global.ssl.fastly.net https://jobs.github.com
https://ssl.google-analytics.com https://collector.githubapp.com
https://analytics.githubapp.com; style-src 'self' 'unsafe-inline'
https://github.global.ssl.fastly.net; object-src 'self'
https://github.global.ssl.fastly.net
I was aware that Firefox started supporting CSP through the
X-Content-Security-Policy header, but I thought some mechanism would be in
place to prevent code injection from plugins to brake.
Does anyone know if the extension API has any specific mechanism for
injecting javascript in the page in a and bypass the CSP settings?
Rationale is - if the user has the plugin installed, he/she trusts it, and
there should be a way to bypass CSP.