addRemoteJS api not working in crossrider extension in firefox due to content security policy



By : user2952399
Date : November 19 2020, 12:41 AM
Looks like a CSP protection issue. You can try working around the issue by injecting the script instead, e.g.:
code :
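// Fetch the script through the extension API, then run it as an inline script element.
appAPI.request.get({
  url: 'https://myserver.com/JS/myJs.min.js',
  onSuccess: function(result) {
    var s = document.createElement('SCRIPT');
    s.type = 'text/javascript';
    s.charset = 'UTF-8';
    // The fetched source becomes the text of the script element.
    s.text = result;
    document.head.appendChild(s);
  }
});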


Chrome Extension and Content Security Policy and GWT RPC



By : Double D
Date : March 29 2020, 07:55 AM
The new CSP is bullshit. It deliberately cuts off functionality, and it doesn't allow overrides, even though developers know damn well what they're doing.
For now, revert to manifest v.1 in extension manifest.
code :
 ...
 "manifest_version": 1,
 ...
X-Content-Security-Policy-Report-Only not working in Firefox 20



By : Exonfluxx
Date : March 29 2020, 07:55 AM
Uggh - I'd seen the bug report before, but didn't read it carefully and thought it was the unsafe-inline or unsafe-eval problem. https://bugzilla.mozilla.org/show_bug.cgi?id=687086 actually specifically talks about inline script not firing the policy because the script is allowed to run. Doing testing with other things which violate the policy (such as loading script from elsewhere), the report gets generated and sent.
How to add Content Security Policy to Firefox extension



By : DRobi
Date : March 29 2020, 07:55 AM
I couldn't find a simple solution for my problem, and upon looking up some Firefox plugin extensions I had to come up with my own solution as below. The below solution was tested on FF 24.0 but should work on other versions as well.
code :
Cc["@mozilla.org/observer-service;1"].getService(Ci.nsIObserverService)
    .addObserver(_httpExamineCallback, "http-on-examine-response", false);

function _httpExamineCallback(aSubject, aTopic, aData) {
    var httpChannel = aSubject.QueryInterface(Ci.nsIHttpChannel);

    if (httpChannel.responseStatus !== 200) {
        return;
    }

    var cspRules;
    var mycsp;
    // There is no clean way to check for the presence of a CSP header. An exception
    // will be thrown if it is not there.
    // https://developer.mozilla.org/en-US/docs/XPCOM_Interface_Reference/nsIHttpChannel
    try {    
        cspRules = httpChannel.getResponseHeader("Content-Security-Policy");
        mycsp = _getCspAppendingMyHostDirective(cspRules);
        httpChannel.setResponseHeader('Content-Security-Policy', mycsp, false);
    } catch (e) {
        try {
            // Fallback mechanism support             
            cspRules = httpChannel.getResponseHeader("X-Content-Security-Policy");
            mycsp = _getCspAppendingMyHostDirective(cspRules);    
            httpChannel.setResponseHeader('X-Content-Security-Policy', mycsp, false);            
        } catch (e) {
            // no csp headers defined
            return;
        }
    }

}

/**
 * @param cspRules : content security policy header value
 * For my requirement I have to append a rule just to the 'script-src' directive. But you can
 * modify this function to your need.
 */
function _getCspAppendingMyHostDirective(cspRules) {
  var rules = cspRules.split(';'),
    scriptSrcDefined = false,
    defaultSrcIndex = -1;

  for (var ii = 0; ii < rules.length; ii++) {
    if (rules[ii].toLowerCase().indexOf('script-src') != -1) {
      rules[ii] = rules[ii] + ' <My CSP Rule gets appended here>';
      scriptSrcDefined = true;
    }

    if (rules[ii].toLowerCase().indexOf('default-src') != -1) {
      defaultSrcIndex = ii;
    }
  }

  // A few publishers put everything in the default (default-src) directive
  // without defining script-src. We need to modify those as well.
  if ((!scriptSrcDefined) && (defaultSrcIndex != -1)) {
    rules[defaultSrcIndex] = rules[defaultSrcIndex] + ' <My CSP rule gets appended here>';
  }

  return rules.join(';');
}
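
An added example, not part of DRobi's answer: a stricter version of the policy edit that matches directive names exactly (a substring test also hits `script-src-attr` or a `report-uri` value) and, when only `default-src` exists, creates a `script-src` copy rather than widening `default-src` for every resource type. The names `parsePolicy`, `addScriptSource`, `rewriteHeader` and the host `https://cdn.example.test` are hypothetical.

```javascript
// Added example, not DRobi's code. The source below is a placeholder host.
const EXTRA_SOURCE = 'https://cdn.example.test';

// Split one serialized policy into ordered [name, sources] pairs.
function parsePolicy(policy) {
  const directives = [];
  const seen = new Set();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase(); // directive names are case-insensitive
    if (seen.has(name)) continue; // a repeated directive is ignored; first one wins
    seen.add(name);
    directives.push([name, tokens.slice(1)]);
  }
  return directives;
}

// Allow `source` for scripts only, leaving every other directive untouched.
function addScriptSource(policy, source) {
  const directives = parsePolicy(policy);
  let script = directives.find(([name]) => name === 'script-src');
  if (!script) {
    const fallback = directives.find(([name]) => name === 'default-src');
    if (!fallback) return policy; // policy does not govern scripts at all
    // Copy default-src into a new script-src instead of widening default-src,
    // which would also relax images, frames, connections and so on.
    script = ['script-src', fallback[1].slice()];
    directives.push(script);
  }
  const sources = script[1];
  // 'none' only has effect when it is the sole entry, so drop it.
  if (sources.length === 1 && sources[0].toLowerCase() === "'none'") sources.length = 0;
  if (!sources.includes(source)) sources.push(source);
  return directives.map(([name, list]) => [name, ...list].join(' ')).join('; ');
}

// A header value can carry several comma-separated policies; all must allow the source.
function rewriteHeader(value, source) {
  return value.split(',').map((p) => addScriptSource(p.trim(), source)).join(', ');
}
```

Host sources are ignored when a policy uses 'strict-dynamic', and `script-src-elem`, when present, takes precedence for script elements, so this edit does not cover those policies.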
content-security-policy allows ginger extension to load content



By : Yuancheng Li
Date : March 29 2020, 07:55 AM
When I install this Ginger extension on Chrome: https://chrome.google.com/webstore/detail/spell-and-grammar-checker/kdfieneakcjfaiglcfcgkidlkmlijjnh?utm_source=chrome-ntp-icon
In short: Because that's not what the CSP does.
frame-ancestors of Content-Security-Policy is not working in Chrome, Firefox and IE



By : Ahmed Hassan
Date : March 29 2020, 07:55 AM
The frame-ancestors directive can only have a host or an origin, not a URL with a path (documentation).
Delete the path.