Skip to content

/uBlock

Loading…

New issue

Local mirroring breaking sites using CSP #384

Closed
Artefact2 opened this Issue · 1 comment

Labels

None yet

Milestone

No milestone

Assignee

No one assigned

2 participants

@Artefact2 @gorhill
@Artefact2
Artefact2 commented

Hi Raymond,

The local mirroring feature interferes with sites that use Content-Security-Policy headers. For example:

 Refused to load the stylesheet 'data:text/css;base64,LyogbGF0aW4gKi8KQGZvbnQtZmFjZSB7CiAgZm9udC1mYW1pbHk6IC…A3NCwgVSsyMEFDLCBVKzIyMTIsIFUrMjIxNSwgVStFMEZGLCBVK0VGRkQsIFUrRjAwMDsKfQo=' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com ".

You can reproduce the issue here: https://o.smium.org/

@gorhill
gorhill commented

Interesting.

At first glance, it looks like local mirroring should not kick in for sites with a CSP header, and to assume by default that such header will break redirecting to a data: URI.

@gorhill gorhill added a commit that closed this issue
@gorhill gorhill this fixes #384; more reading required for a long-term solution--if any be082cb
@gorhill gorhill closed this in be082cb
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.