-
Notifications
You must be signed in to change notification settings - Fork 417
-
Notifications
You must be signed in to change notification settings - Fork 417
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Firefox] Tampermonkey failed with CSP error (again) #700
Comments
I have the same issue. It happens on Twitter. The script is not executed at all. Tampermonkey is v4.9.5941 on Firefox. |
I'm also seeing these errors in Slack. In the meanwhile, I've had to create a separate Firefox profile just for Slack where I turn off |
I've got a script for Twitter which seems to be influenced by this issue as well. But oddly enough, while a "refresh without cache" somehow makes the script work, a normal refresh will break it again. Another strange thing that I noticed was that the script counter got bumped up by 1 every time I refreshed the page. Turning off |
Also experiencing these errors on FF 69 and Tampermonkey v4.9.5941. Trying to inject CSS from Slack Night Mode (Black) into Slack.com generates the following errors on refresh:
Only way to resolve the issue is to turn off |
For me "Add Tampermonkey to the sites content CSP" option had no effect either. The only working "workaround" is to switch to Greasemonkey. |
This might be solvable now that Firefox seems to have a userScripts API available. See my comment on #418 for details. |
For those who just got new Firefox update and is facing this issue just go to "about:config" and set "security.csp.enable" to "false". |
Doing this will leave the user open to cross-site scripting attacks. Please vote and comment on https://bugzilla.mozilla.org/show_bug.cgi?id=866522 |
Violentmonkey tries to address the problem: |
That issue is 7 years old. Well good luck convincing Mozilla... |
Evaluating code in extension context is most probably not a permanent solution because of manifest v3 changes. |
Perhaps. Hopefully Firefox (and other browsers) will not buy into v3 wholesale. |
Please see #952 (comment) for a better workaround. I'm closing this in favor of #952 |
This is a follow-up of #361 because we got CSP errors in Firefox again.
Completely disabling Tampermonkey in the Firefox Add-On manager removes the errors. Note that blacklisting the site, or disabling Tampermonkey in the toolbar does not remove these errors.
Tampermonkey: v4.9.5921 (Firefox)
The text was updated successfully, but these errors were encountered: