All Questions
Tagged with firefox-addon-webextensions content-security-policy
19 questions
1
vote
0
answers
890
views
EvalError: call to eval() blocked by CSP in Mozilla firefox extention
My chrome extension is working fine and i want to make it compatible with Firefox as well. In the extension i have used eval method that is throwing error "EvalError: call to eval() blocked by ...
1
vote
1
answer
310
views
Content Security Policy blocking Google API for addon
I am writing an addon for Firefox and have problem with Content Security Policy. It needs accessibility to Google API when I press button on it, so I have added following script tag to popup.html
<...
- 49
0
votes
0
answers
57
views
Be sure that only browsers without addons/extensions access my webpage
I have an admin panel, I would like to permit only browsers without any extension/addon.
I tried setting stringent csp policy
content-security-policy:
script-src 'nonce-xxx' 'strict-dynamic' ...
- 1,583
0
votes
0
answers
14
views
CSP not allowing me to run JS in a packaged HTML file [duplicate]
I'm trying to run a simple JS function (in index.js) in a regular HTML file, but I keep getting this error: Content Security Policy: The page’s settings blocked the loading of a resource at inline (“...
- 129
0
votes
0
answers
244
views
Load fonts in firefox web extension
I'm trying to port my chrome extension to firefox, but I'm having a hard time loading fonts in content scripts.
I have my font files bundled with the extension, then I load the content script with css ...
- 53
2
votes
1
answer
779
views
building a webextension with parcel and web-ext, what is the correct content security policy
Parcel supports bundling webextensions: https://v2.parceljs.org/recipes/web-extension/
The command to set up a build server and watch for changes is: parcel src/manifest.json --host localhost --target ...
- 29.9k
0
votes
2
answers
467
views
Is there a way include a firefox extension popup in the Content-Security-Policy of my website?
I want to embed an iframe in the popup of a firefox extension but I get "Firefox Can’t Open This Page - To protect your security, www.example.com will not allow Firefox to display the page if ...
- 1,595
0
votes
1
answer
167
views
CSP error while playing a remote audio file in Firefox WebExtension
I'm developing an extension that I need to play an audio from the remote server and I have another server to fetch other information.
I put the following line in manifest.json:
"...
- 2,351
2
votes
1
answer
530
views
Webextension: Access json dictionary from external url, How?
It is possible (though risky) to allow a webextension in the browser to load javascript from a remote url using the following directive in the manifest.json file - by including something like:
"...
- 3,059
0
votes
1
answer
579
views
Xhr from extension is blocked despite the <all_urls> manifest permission
As I learned from https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions#Host_permissions to make unrestricted cors request it should be enough to have host ...
- 438
1
vote
1
answer
1k
views
Does Firefox allow extensions to bypass a normal web page's CSP?
I have a web page with a CSP like this:
<meta http-equiv="Content-Security-Policy" content="script-src 'self' https://d2wy8f7a9ursnm.cloudfront.net https://cdn.polyfill.io https://browser-update....
- 2,894
1
vote
1
answer
2k
views
Web Extension - Content Security Policy Error when Iframe Source Executes Script
I have a firefox web extension that uses a content script to inject HTML into a webpage when a button is clicked. The HTML that is injected consists of an iFrame nested within several divs.
Here's ...
- 8,401
0
votes
0
answers
224
views
CSP error for image embed to GitHub with Firefox web extension content script
I can't add image to GitHub issue page with firefox web extension content script.
Content Security Policy: The page’s settings blocked the loading
of a resource at
https://api.everhour.com/...
- 509
0
votes
1
answer
481
views
Content script loading images from an extension ( CSP )
I'm developing a browser extension both for chrome & firefox.
My content script injects (only in twitter) some new images hosted from another server.
Here is a basic example of what am I doing : ...
- 1,624
0
votes
1
answer
3k
views
jQuery.ajax() blocked due to CSP within WebExtension
I'm developing a Mozilla Firefox extension, which needs to communicate with my server on localhost:8080.
jQuery.ajax({
type: query_method,
url: "http://localhost:8080/item",
...
- 880
2
votes
1
answer
1k
views
Local DataTables js blocked by Content Security Policy on Firefox Extension
I have download the js for DataTables and I'm trying to load it on my Firefox extension but, its been blocked by Content Security Policy:
Content Security Policy: The page’s settings blocked the ...
- 21
1
vote
1
answer
368
views
porting chrome extension to firefox webextension - unsafe angular image call
I've got a chrome extension working nicely w/ a popup, but can't get local images in the popup to render in the ported firefox webextension. the popup renders no images and the HTML rendered is:
...
- 13
0
votes
0
answers
223
views
WebExtension (Firefox) and access to JQuery [duplicate]
I try to create a WebExtension which uses JQuery besides other scripts.
For testing I have modified the "Cookie BG Picker" extension here: https://github.com/mdn/webextensions-examples/tree/...
- 93
6
votes
2
answers
1k
views
Firefox WebExtension, isolated HTML overlay
I'm looking for a way to display an isolated overlay on some websites using WebExtensions.
An iframe would seem like the way to go for this as it provides a whole separate scope for css, js and the ...
- 15.4k