plasmo [BUG] CSP restricted inline-style in Overlay CSUI.

[BUG] CSP restricted inline-style in Overlay CSUI.

Open kuloud opened this issue 1 month ago • 0 comments

What happened?

The CSP restricted inline-style is configured on some web pages, causing injectAnchor to be executed abnormally on the csui.ts, and the CSUI style does not take effect:

import cssText from "data-text:~style.css"
export function getStyle() {
  const style = document.createElement("style")
  style.textContent = cssText
  return style
}

https://developer.apple.com/documentation/safariservices/safari_web_extensions/style.css

guide.6d2501fe.js:72 Refused to connect to 'ws://localhost:1815/' because it violates the following Content Security Policy directive: "default-src 'self' *.apple.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

Version

Latest

What OS are you seeing the problem on?

MacOSX

What browsers are you seeing the problem on?

Chrome

Relevant log output

Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' *.apple.com 'sha256-8sYhey1EBDQi8bgEKVzQaukvyoXk2XyF4mAm3oRZ/SQ='". Either the 'unsafe-inline' keyword, a hash ('sha256-wziXN3zGg/m2EZsVU1JeuUbR22M36/vyuqwFduwiJC4='), or a nonce ('nonce-...') is required to enable inline execution.

(OPTIONAL) Contribution

[ ] I would like to fix this BUG via a PR

Code of Conduct

[X] I agree to follow this project's Code of Conduct
[X] I checked the current issues for duplicate problems.

May 18 '24 06:05 kuloud

plasmo plasmo copied to clipboard

[BUG] CSP restricted inline-style in Overlay CSUI.

What happened?

Version

What OS are you seeing the problem on?

What browsers are you seeing the problem on?

Relevant log output

(OPTIONAL) Contribution

Code of Conduct

plasmo
plasmo copied to clipboard