Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Firefox] Tampermonkey failed with CSP error (again) #700

Open
ulrichb opened this issue May 3, 2019 · 4 comments

Comments

@ulrichb
Copy link

commented May 3, 2019

This is a follow-up of #361 because we got CSP errors in Firefox again.

Content Security Policy: The page’s settings blocked the loading of a resource at eval (“script-src”).
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”).

Completely disabling Tampermonkey in the Firefox Add-On manager removes the errors. Note that blacklisting the site, or disabling Tampermonkey in the toolbar does not remove these errors.

Tampermonkey: v4.9.5921 (Firefox)

@Alien426

This comment has been minimized.

Copy link

commented Jul 30, 2019

I have the same issue. It happens on Twitter. The script is not executed at all.

Tampermonkey is v4.9.5941 on Firefox.

@Arthaey

This comment has been minimized.

Copy link

commented Jul 30, 2019

I'm also seeing these errors in Slack. In the meanwhile, I've had to create a separate Firefox profile just for Slack where I turn off security.csp.enable.

@Frederick888

This comment has been minimized.

Copy link

commented Aug 11, 2019

I've got a script for Twitter which seems to be influenced by this issue as well. But oddly enough, while a "refresh without cache" somehow makes the script work, a normal refresh will break it again. Another strange thing that I noticed was that the script counter got bumped up by 1 every time I refreshed the page.

Turning off security.csp.enable also gave my script the green light to run but the counter issue still persisted. And by the way I didn't encounter this problem using Greasemonkey.

@eprowe

This comment has been minimized.

Copy link

commented Sep 12, 2019

Also experiencing these errors on FF 69 and Tampermonkey v4.9.5941. Trying to inject CSS from Slack Night Mode (Black) into Slack.com generates the following errors on refresh:

TypeError: a is undefined
Content Security Policy: The page's settings blocked the loading of a resource at eval ("script-src").
Content Security Policy: The page's settings blocked the loading of a resource at eval ("script-src").
TypeError: a is undefined
Content Security Policy: The page's settings blocked the loading of a resource at eval ("script-src").
Content Security Policy: The page's settings blocked the loading of a resource at eval ("script-src").
Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src").

Only way to resolve the issue is to turn off security.csp.enable or via the "Experimental" option to "Add Tampermonkey to the sites content CSP". Enabling the "Security" option to "Add Tampermonkey to the site's content security policy (CSP) if there is one" had no effect.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.