violentmonkey-mx icon indicating copy to clipboard operation
violentmonkey-mx copied to clipboard
verified publisher icon violentmonkey

script not working when the website set Content-Security-Policy in http response.

Open flysoso opened this issue 7 years ago • 1 comments

What is the problem?

script not working when the website set Content-Security-Policy in http response.

How to reproduce it?

  1. e.g. the website mp.wexin.qq.com

What is the expected result?

script work

What is the actual result?

script not work. it make console error like this: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' http://.qq.com https://.qq.com http://.weishi.com https://.weishi.com 'nonce-356257451'". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.

Environment

  • Browser:Maxthon
  • Browser version:5.2.3.3000
  • Violentmonkey version:2.8.4
  • OS:win10

flysoso avatar Jun 16 '18 09:06 flysoso

Known issue, and there is no workaround for Maxthon.

gera2ld avatar Jun 17 '18 02:06 gera2ld