Closed Bug 1215108 Opened 6 years ago Closed 6 years ago

Bookmarklet creating issues with CSP

Categories

(Firefox :: Untriaged, defect)

41 Branch
defect
Not set
normal


RESOLVED DUPLICATE of bug 866522

People

(Reporter: dante3333, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Build ID: 20150929144111

Steps to reproduce:

Just install a bookmarklet. For example, install http://ffoodd.github.io/a11y.css/ and test it on a website with CSP enabled.

Here is an example: http://csp.nicolas-hoffmann.net/ (see bug https://bugzilla.mozilla.org/show_bug.cgi?id=1195302 to see how this page works; basically, it makes an Ajax call to retrieve the CSP errors generated)

Use the bookmarklet on it (and refresh).


Actual results:

For the a11y.css bookmarklet, if CSP is activated on a website without some rules especially dedicated for it, Firefox triggers CSP errors.


Expected results:

Bookmarklet should not generate CSP errors.
Hey Christoph,

are you the right person to ping about this?
Flags: needinfo?(mozilla)
Just to provide more details: the CSP errors are related to the bookmarklet. For my example, the bookmarklet needed "unsafe-inline" for script-src and https://rawgit.com for style-src.

The main problem with this issue is that the website decides for the user which bookmarklet he may use. :-\
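
Added example, not part of the original thread and not Firefox's code: a simplified JavaScript check of which CSP directives would block the two things the comment above says the a11y.css bookmarklet needed (inline script execution and a stylesheet from https://rawgit.com). The function names, the stylesheet path and the sample policy are assumptions made for illustration; ports, paths and 'self' are not modelled.

```javascript
// Added example: simplified CSP matching, not Firefox's implementation.
// Ignores ports, paths and 'self'; a scheme-less host matches any scheme.
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !policy.has(name)) policy.set(name, sources);
  }
  return policy;
}

// script-src and style-src fall back to default-src when absent;
// null means no directive governs the resource type.
function effectiveSources(policy, directive) {
  return policy.get(directive) ?? policy.get("default-src") ?? null;
}

function allowsInline(policy, directive) {
  const sources = effectiveSources(policy, directive);
  if (sources === null) return true;
  // In CSP2 and later a nonce or hash source makes 'unsafe-inline' ignored.
  const strict = sources.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  return sources.includes("'unsafe-inline'") && !strict;
}

function allowsUrl(policy, directive, url) {
  const sources = effectiveSources(policy, directive);
  if (sources === null) return true;
  const { protocol, hostname } = new URL(url);
  return sources.some((s) => {
    if (s === "*") return protocol === "http:" || protocol === "https:";
    if (s === protocol) return true; // scheme-source such as https:
    if (s.startsWith("'")) return false; // keywords match no external URL here
    const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/.exec(s);
    if (!m || (m[1] && m[1] + ":" !== protocol)) return false;
    return m[2].startsWith("*.") ? hostname.endsWith(m[2].slice(1)) : hostname === m[2];
  });
}

// What the bookmarklet in this report needs, per the comment above: inline
// script and a stylesheet from https://rawgit.com (the path is constructed).
function bookmarkletBlockedBy(header) {
  const policy = parsePolicy(header);
  const blocked = [];
  if (!allowsInline(policy, "script-src")) blocked.push("script-src");
  if (!allowsUrl(policy, "style-src", "https://rawgit.com/example/a11y.css")) blocked.push("style-src");
  return blocked;
}
console.log(bookmarkletBlockedBy("default-src 'self'")); // constructed policy
```
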
(In reply to Julien Wajsberg [:julienw] from comment #1)
> Hey Christoph,
> 
> are you the right person to ping about this?

It seems there are a multitude of people requesting a solution for the long-known issue that CSP affects bookmarklets. Please see the following bug which was opened two years ago. Recently we got more complaints, which means that more pages are adopting CSP apparently:
https://bugzilla.mozilla.org/show_bug.cgi?id=866522

Anyway, when we do our next triage I will make sure that we re-prioritize that issue and put some more resources on fixing it. Thanks for filing the bug.
Flags: needinfo?(mozilla)
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 866522