web-monetization-projects icon indicating copy to clipboard operation
web-monetization-projects copied to clipboard

Published 20 hours ago verified publisher icon interledger

Firefox background page content_security_policy violation

Open sublimator opened this issue 2 years ago • 1 comments

image 

Content Security Policy: The (nb: background) page’s settings blocked the loading of a resource at eval (“script-src”). moz-extension:44210:9

Don't know what it is yet. Is on main and the wm2 branch.

Versions:

  • MacOS Firefox Version 98.0.1 (64-bit)
  • MacOS Firefox Version 100.0a1 (2022-03-15) (64-bit)

sublimator avatar Mar 16 '22 05:03 sublimator

The CSP issue is caused by an eval function being called in the background.js file that is compiled by webpack.

A temporary solution is: add the following script-src directive value to the content_security_policy field in manifest.json 'unsafe eval'

This should be last resort as it allows for some vulnerability

Danisco212 avatar Apr 11 '22 02:04 Danisco212