New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No longer appearing in Chrome web store #60
Comments
Haha @ aurora RIP I will start the webext port right away. Will get back to you soon. |
Content-Security-Policy is not obnoxious, it's an excellent security mechanism. Addons like this one could just intercept the store responses and change the policy header |
@myfreeweb No, intentionally blocking a competitor's browser from installing extensions hosted on your platform is obnoxious. That has nothing to do with CSP itself. Maybe it's a coincidence, but since this used to work just fine, I'm rather sceptical. |
The fact that the error is CSP makes me think that it's not intentional. The exact same header is sent to both browsers, they don't even check user-agent! Obviously they prioritize security over supporting Firefox extensions that inject scripts into their website… |
Thank you all for helping discuss this. For the webextension version, it will not auto-install the extension, I was trying to find a way around this. So I haven't got to this CSP issue yet, so your discussion about it is much appreciated! |
Any word on when this will be resolved? |
Yep I'm working on the webext version right now and have not encoutnered the CSP issue yet. I will update this topic as I get a test version out so we can jointly verify. :) |
Much appreciated @Noitidart! In the meantime for anyone else, the cli web-ext tool is pretty awesome for any testing you'd like to do, and makes self-signing extensions a breeze. |
v3 just released, please try it out now :) https://addons.mozilla.org/en-US/firefox/addon/chrome-store-foxified/ |
It didn't work for me, I get the following when trying to install the LastPass addon: Should I click the |
Oh thats a bug on addon-server side. Nothing we can do about it. :( @kjschulz actually "install" is the equivalent of "install unsigned" from a security prespective. Getting it signed, just makes it auto install and stay installed. :) |
I realise this is a constantly changing target, and thank you and everyone involved for your work on this!
It seems that Chrome Store Foxified is no longer able to properly inject itself into the Chrome web store. Even when changing the user agent to Chrome, it simply doesn't show an install button of any kind. I assume Google is trying to block Firefox for some obnoxious reason. I noticed the following possibly relevant console messages:
14:11:13.075 SecurityError: Permission denied to access property "exports" on cross-origin object 1 react-with-addons.js:12
14:11:13.186 Content Security Policy: The page's settings blocked the loading of a resource at data:application/javascript;base64,KGZ1b... ("script-src 'unsafe-inline' https: http: 'unsafe-eval'"). 1 (unknown)
I'm running FF 54.0a2 (latest aurora RIP).
The text was updated successfully, but these errors were encountered: