Closed
Bug 1415997
Opened 7 years ago
Closed 7 years ago
Content-Security-Policy blocks WebExtension content scripts and web_accessible_resources
Categories: (WebExtensions :: General, defect)
Tracking: (Not tracked)
Status: RESOLVED DUPLICATE of bug 1310082
People: (Reporter: onyshchuk, Unassigned)
Attachments: (1 file) 41.73 KB, application/x-zip-compressed
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
Build ID: 20171024165158

Steps to reproduce:

Install the tiny WebExtension from the attachment. It contains only a content script:
//////
console.log("=== It is content script ===");
var img = document.createElement("img");
img.setAttribute("src", chrome.extension.getURL("sun.png"));
document.body.appendChild(img);
//////
and web_accessible_resources: sun.png

Actual results:

On every site without the HTTP header Content-Security-Policy we will see the sun image on the page (web_accessible_resources) and the line
=== It is content script ===
in the Web Console.

If you go to addons.mozilla.org, which has the HTTP header Content-Security-Policy, then you will not see either the sun picture or the wanted line in the console. The Web Console will also contain errors like:
"Content Security Policy: The page’s settings blocked the loading of a resource at self"

Expected results:

If you install this WebExtension into Chrome, you will see the sun on addons.mozilla.org, which has the HTTP header Content-Security-Policy, and the line
=== It is content script ===
in the Web Console.

I think the HTTP header Content-Security-Policy should not block any content of WebExtensions.
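The behaviour reported above, as an added example that is not part of the bug report or of Firefox's code: a simplified JavaScript model of CSP source matching for image loads, showing how a page policy rejects an extension's web_accessible_resources URL unless extension schemes are exempted. The policy string, the extension UUID and the function names are constructed for illustration; the model handles only 'self', 'none', `*`, scheme sources and full-origin sources.

```javascript
// Simplified model of CSP source matching for <img> loads (illustrative only).
const EXTENSION_SCHEMES = new Set(["moz-extension:", "chrome-extension:"]);

// Parse "name src src; name src" into a Map; the first copy of a directive wins.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function sourceMatches(source, url, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return url.origin === pageOrigin;
  // Simplification: "*" covers HTTP(S) URLs only, so it never covers extension schemes.
  if (s === "*") return url.protocol === "http:" || url.protocol === "https:";
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // scheme source, e.g. data:
  try {
    // Full-origin source such as https://example.com (bare hosts are not modelled).
    return url.origin !== "null" && new URL(s).origin === url.origin;
  } catch {
    return false;
  }
}

// exemptExtensions models the behaviour the reporter expects: extension
// resources are not subject to the page's policy.
function imageAllowed(header, pageUrl, resourceUrl, { exemptExtensions = false } = {}) {
  const url = new URL(resourceUrl);
  if (exemptExtensions && EXTENSION_SCHEMES.has(url.protocol)) return true;
  const policy = parsePolicy(header);
  const sources = policy.get("img-src") ?? policy.get("default-src");
  if (sources === undefined) return true; // no directive governs images
  const pageOrigin = new URL(pageUrl).origin;
  return sources.some((src) => sourceMatches(src, url, pageOrigin));
}

// Constructed inputs: not the real addons.mozilla.org policy or a real extension UUID.
const POLICY = "default-src 'none'; img-src 'self' data:";
const PAGE = "https://addons.mozilla.org/";
const EXT_IMG = "moz-extension://00000000-0000-0000-0000-000000000000/sun.png";

console.log("policy applied to extension image:", imageAllowed(POLICY, PAGE, EXT_IMG));
console.log("extension schemes exempted:", imageAllowed(POLICY, PAGE, EXT_IMG, { exemptExtensions: true }));
```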
Updated • 7 years ago
Component: Untriaged → WebExtensions: General
Product: Firefox → Toolkit

Updated • 7 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE

Updated • 6 years ago
Product: Toolkit → WebExtensions