Closed Bug 1264565 Opened 9 years ago Closed 9 years ago

JSON Viewer: CSP errors

Categories

(DevTools :: JSON Viewer, defect)

Product:
DevTools
Component:
JSON Viewer
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1303086

People

(Reporter: Honza, Unassigned)

Details

JSON Viewer implementation is based on nsIStreamConverter than convert incoming 'application/json' document into a web application. If the document has CSP in place, the conversion can trigger following errors: Console Service ERROR [JavaScript Error: "Content Security Policy: The page's settings blocked the loading of a resource at self ("default-src 'none'")." {file: "https://api.github.com/" line: 0}] [JavaScript Error: "Content Security Policy: The page's settings blocked the loading of a resource at self ("default-src 'none'")." {file: "https://api.github.com/" line: 0}] That's bad since this can break the app. What options do we have to fix this? Honza
@jryans: I am not sure how to fix this, but perhaps we should reconsider the way how JSON Viewer is implemented? Who else should I cc on this bug? STR: 0) This should be done by default, but... make sure JSON Viewer is enabled by setting 'devtools.jsonview.enabled' pref to true 1) Load https://api.github.com/ 2) Check out the Browser console. There are many CSP errors. Honza
Flags: needinfo?(jryans)
Hmm, do I need to do something special? I am using Nightly 2016-04-13 and I don't see any errors. The JSON Viewer loads and the content appears as I would expect.
Flags: needinfo?(jryans) → needinfo?(odvarko)
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(odvarko)
Resolution: --- → DUPLICATE
Product: Firefox → DevTools
You need to log in before you can comment on or make changes to this bug.