Fix content security policy #2

Closed
wants to merge 1 commit into from


@Quinci135 Quinci135 commented Jan 4, 2021

Images/icons/favicons don't load for the suspended page because content security policy changes done to remove tracking/analytics resources also took out data: and chrome: resources. This change fixed it for me

Removed here:
2b6225c#diff-6bc2c0b5164076a1b57b067398be19a40d2b8efa3428b03504562ea88593866cL52

Images and favicons don't load for the suspended page because content security policy changes done to remove tracking/analytics resources also took out `data:` and `chrome:` resources. This change fixed it for me

dcfsc commented Jan 5, 2021

I suspect the error you are fixing is the one I am seeing:

```
Refused to load the image 'data:image/png;base64,iVBORw0KGg...5ErkJggg==' because it violates the following Content Security Policy directive: "img-src 'self'".
Context
_generated_background_page.html
Stack Trace
_generated_background_page.html:0 (anonymous function)
Nothing to see here, move along.
```

I will try your patch.


dcfsc commented Jan 5, 2021

For others:
```
$ git remote add quincii https://github.com/Quinci135/thegreatsuspender-notrack.git
$ git fetch quincii
$ git merge quincii/patch-2
Updating 41fbbd5..42f542b
Fast-forward
 src/manifest.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
```

This did fix the error message and ThePrivateSuspender is back in action! Thanks!


svil3 commented Jan 7, 2021

I downloaded the Quinci fork and directly loaded it with chrome but I'm still presenting the same issue, any ideas?


dcfsc commented Jan 7, 2021

My only thought is to confirm you removed the old version first (after unsuspending all tabs)? I have done this on two browsers with success. I have quite a few extensions installed, so not like I have an empty browser that would not conflict.


crxed9 commented Jan 8, 2021

I get a LOT of errors while installing thegreatsuspender-notrack-master.zip from Quinci135 (removed original extension first)

```
Refused to load the image 'data:image/png;base64,...' because it violates the following Content Security Policy directive: "img-src 'self'".
Refused to load the image 'data:image/png;base64,...' because it violates the following Content Security Policy directive: "img-src 'self'".
Refused to load the image 'data:image/png;base64,...' because it violates the following Content Security Policy directive: "img-src 'self'".
Refused to load the image 'data:image/png;base64,...' because it violates the following Content Security Policy directive: "img-src 'self'".
Refused to load the image 'data:image/png;base64,...' because it violates the following Content Security Policy directive: "img-src 'self'".
Refused to load the image 'chrome://favicon/size/16@2x/http://chromeDefaultFavicon' because it violates the following Content Security Policy directive: "img-src 'self'".
Refused to load the image 'chrome://favicon/size/16@2x/chromeDefaultFavicon' because it violates the following Content Security Policy directive: "img-src 'self'".
Uncaught (in promise) TypeError: Cannot read property 'normalisedDataUrl' of undefined
```

Any idea?


Rozkipz commented Jan 8, 2021

Steps I took to fix this:

  1. Bookmark/un-suspend your tabs (otherwise you will either lose them, or have to change the extension ID on your suspended ones).
  2. Remove the old extension (this closed all my suspended tabs but luckily I had them saved with session buddy).
  3. Download the aciidic release.
  4. Extract somewhere where this won't get deleted.
  5. Open src/manifest.json.
  6. Change line 49 to be `"content_security_policy": "script-src 'self'; object-src 'self'; child-src 'self'; connect-src 'self'; img-src 'self' data: chrome:; style-src 'self'; default-src 'self'",`.
  7. Load the extension as described in the README.

Alternately, you can install the old 7.1.6 version in the same way (without the editing of manifest.json) by downloading the release: https://github.com/greatsuspender/thegreatsuspender/archive/v7.1.6.zip

Owner

aciidic commented Jan 17, 2021

My apologies for not understanding the required data: chrome: in the manifest.

I've tested and this does solve the favicon issue; so I've amended the code and released a new version here.

Thank you!

@aciidic aciidic closed this Jan 17, 2021
@Technetium1

@aciidic still have a bunch of errors in your newest release, not sure it's been fully fixed?

```
Unrecognized Content-Security-Policy directive 'data:'.
Refused to load the image 'data:image/png;base64,...' because it violates the following Content Security Policy directive: "img-src 'self'".
Refused to load the image 'data:image/png;base64,...' because it violates the following Content Security Policy directive: "img-src 'self'".
Refused to load the image 'data:image/png;base64,...' because it violates the following Content Security Policy directive: "img-src 'self'".
Refused to load the image 'data:image/png;base64,...' because it violates the following Content Security Policy directive: "img-src 'self'".
Refused to load the image 'data:image/png;base64,...' because it violates the following Content Security Policy directive: "img-src 'self'".
Refused to load the image 'chrome://favicon/size/16@2x/http://chromeDefaultFavicon' because it violates the following Content Security Policy directive: "img-src 'self'".
Refused to load the image 'chrome://favicon/size/16@2x/chromeDefaultFavicon' because it violates the following Content Security Policy directive: "img-src 'self'".
```
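An added example, not code from the extension or from any participant in this thread: a small checker that parses a manifest's `content_security_policy` string and reports which of `data:` and `chrome:` are missing from `img-src`, plus any directive names it does not recognize. The `fixed` sample is the policy quoted in step 6 above; `withoutSchemes` and `straySemicolon` are constructed for illustration (the page does not show the released manifest), the latter showing one way a misplaced `;` turns `data:` into a directive name while `img-src` stays at `'self'`.

```javascript
// Added example. Directive names the checker accepts (a subset of CSP,
// enough for the manifest policy quoted in this thread).
const KNOWN = new Set(['default-src', 'script-src', 'object-src', 'child-src',
  'connect-src', 'img-src', 'style-src', 'font-src', 'frame-src', 'media-src']);

// Split a policy on ';'. The first token of each part is the directive name,
// the rest are its sources. Unknown names are collected, not silently dropped.
function parseCsp(policy) {
  const directives = new Map();
  const unrecognized = [];
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!KNOWN.has(name)) unrecognized.push(tokens[0]);
    else if (!directives.has(name)) directives.set(name, tokens.slice(1)); // first wins
  }
  return { directives, unrecognized };
}

// Read content_security_policy from manifest JSON text (a string, as on this
// page) and report which needed schemes img-src lacks. img-src falls back to
// default-src when absent.
function checkManifest(manifestText, needed = ['data:', 'chrome:']) {
  const policy = JSON.parse(manifestText).content_security_policy || '';
  const { directives, unrecognized } = parseCsp(policy);
  const sources = directives.get('img-src') || directives.get('default-src') || [];
  const allowed = new Set(sources.map((s) => s.toLowerCase()));
  return { missing: needed.filter((s) => !allowed.has(s)), unrecognized };
}

// Sample manifests, built inline so the example runs offline.
const manifest = (csp) => JSON.stringify({ content_security_policy: csp });
const SAMPLES = {
  // Policy from step 6 of the fix described above.
  fixed: manifest("script-src 'self'; object-src 'self'; child-src 'self'; connect-src 'self'; img-src 'self' data: chrome:; style-src 'self'; default-src 'self'"),
  // Constructed: the same policy with the two schemes removed from img-src.
  withoutSchemes: manifest("script-src 'self'; object-src 'self'; child-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; default-src 'self'"),
  // Constructed: a stray ';' after 'self' makes "data:" a directive name.
  straySemicolon: manifest("script-src 'self'; img-src 'self'; data: chrome:; default-src 'self'"),
};

for (const [label, text] of Object.entries(SAMPLES)) {
  console.log(label, JSON.stringify(checkManifest(text)));
}
```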

Owner

aciidic commented Jan 24, 2021

I can't seem to replicate those errors, it seems to be fine for me.

Are you using latest crx file from releases?

I messed up the source on the release, if you're creating from source then use the very latest master branch in this repo


Technetium1 commented Jan 24, 2021

Instead of downloading from master, I did a git clone. Now I have a different error, but it seems to not be relevant since it says Nothing to see here, move along.. Also you did not add a crx to the latest release.

```
Site cannot be installed: Page is not served from a secure origin
Context
shortcuts.html
Stack Trace
shortcuts.html:0 (anonymous function)
Nothing to see here, move along.
Site cannot be installed: Page is not served from a secure origin
Site cannot be installed: Page is not served from a secure origin
```
