PageExtender.app icon indicating copy to clipboard operation
PageExtender.app copied to clipboard
verified publisher icon fphilipe

Content Security Policy with server style-src/default-src directive

Open rnkn opened this issue 5 years ago • 1 comments

Hello,

Thank you for making PageExtender :)

From my research, I think my issue is likely a server configuration problem, but with the site https://marc.info I get no effect when trying to apply a PageExtender stylesheet and receive the following error:

[Error] Refused to apply a stylesheet because its hash, its nonce, or 'unsafe-inline' appears in neither the style-src directive nor the default-src directive of the Content Security Policy. (marc.info, line 1)

I'm not sure if there's anything you can do about this because I think these directives are to do with Apache, but I just thought I'd ask.

rnkn avatar Feb 28 '21 09:02 rnkn

I'm afraid CSP is interfering here. The initial script from the extension is executed, but anything injected by that script is disallowed.

Will have to investigate if there's a workaround. Thanks for reporting!

fphilipe avatar Mar 09 '21 12:03 fphilipe