-
Notifications
You must be signed in to change notification settings - Fork 46.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug: React Dev Tools Firefox extension fails to detect React #17997
Comments
It's happening because the page is explicitly blocking our script that gets injected in the page.
|
What are my options here? |
Can I take this issue? |
@ruslan-shuster sure! assigning to you. |
Chrome Too... |
@ineggapps may I ask what is the url you were trying to access? |
For me it works just fine in Chromium[ungoogled] 79.0.3945.88. |
@Kein the problem which you described is now more or less understood
So, what I'm going to do (if react core team agrees with this solution), is to implement some dedicated solution for You can see more discussion of the problem & solutions here. |
@threepointone I had some time investigating this issue, and in order to solve it some decisions should be taken which I, as the first-time contributor, don't feel empowered to take. I'd like to hear your opinion, and also opinion of @bvaughn, if possible. So, here is what happens:
The reason for such injection is that both Chrome and Firefox make some restriction for communication with the If The ideal solution for Another solution would be to use hashes to whitelist The third solution is to notify the user when we did not succeed to install hooks. Here is another problem: we cannot for sure identify that it happened because of the So, I'd like to know what you think about it and what direction the solution should take? |
This is a very helpful writeup, @ruslan-shuster. Thank you! I agree with you that the first solution is not ideal. The second one sounds promising, although I wonder how often the hash would change. (I guess the hook source changes pretty infrequently.) Maybe we could even combine solutions two and three, so if the insert fails- and we think it's likely CSP related- we log the exact CSC sha hash string that would need to be used to enable the current version of DevTools tow ork? |
@bvaughn sounds good, thanks for your help! Now I know which direction to take. Working on it... |
One thing to note—this is a Firefox-specific bug, because the Content Script Policy spec says that add-ons and other user customizations should not be subject to content security policy, and Chrome implements this correctly. https://bugzilla.mozilla.org/show_bug.cgi?id=1267027 is the Firefox tracking bug to fix this issue. |
Thanks for that link, @nightpool |
This issue has been automatically marked as stale. If this issue is still affecting you, please leave any comment (for example, "bump"), and we'll keep it open. We are sorry that we haven't been able to prioritize it yet. If you have any new additional information, please include it with your comment! |
bump |
This issue has been automatically marked as stale. If this issue is still affecting you, please leave any comment (for example, "bump"), and we'll keep it open. We are sorry that we haven't been able to prioritize it yet. If you have any new additional information, please include it with your comment! |
Hi - I'm new to open source. Is this issue already being dealt with or can I take a shot at it? |
@Alef5750 You are welcome to look into this issue if you'd be interested 😄 It's still up for grabs. |
Will do! Thanks!
…On Wed, May 26, 2021 at 5:09 PM Brian Vaughn ***@***.***> wrote:
@Alef5750 <https://github.com/Alef5750> You are welcome to look into this
issue if you'd be interested 😄 It's still up for grabs.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#17997 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AP3YZTE2MSIDWSSN7QGP6JDTPT6J5ANCNFSM4KRMSQQA>
.
|
@bvaughn thanks for adding https://github.com/facebook/react/blob/main/packages/react-devtools/CONTRIBUTING.md I am going to see if I can duplicate this issue in firefox. do you know if similar is expected to work for firefox?
|
@colegillespie Yes. You can replace "chrome" with either "firefox" or "edge" if you wanted to test other browsers 👍🏼 |
@bvaughn confirmed, was able to repro the error with the tests running
will see if i can fix now |
@bvaughn I was able to get this working and tests passing. Quite a drastic change in the way the global hook is inserted so please check the PR and make sure I am not doing anything too aggregious. |
Hello, |
@garykhong Feel free to take a look! |
Thanks Brian. Something came up, and I will try to look at this on the weekend. Do you have a guide on how I can debug the react dev tools? |
Just the contributing guide: |
Hi Brian, I was able to get discord.com in firefox to load the react developer tools by setting the correct nonce on the injectGlobalHook.js script variable on line 8. Is the ideal solution still to hash this script variable and to 'Add the hash to DevTools setting UI'? Or are you happy with catering just for Content Security Policies with nonce being set? |
Hey @bvaughn @garykhong , is anyone looking at this or can I take a crack at it as a first-time contributor? :D |
Go for it Vidur |
I'm seeing this issue as well. It looks like uBlock Origin was able to work around this by just shoving the script into a Blob URL |
This issue has been automatically marked as stale. If this issue is still affecting you, please leave any comment (for example, "bump"), and we'll keep it open. We are sorry that we haven't been able to prioritize it yet. If you have any new additional information, please include it with your comment! |
bump |
This issue has been automatically marked as stale. If this issue is still affecting you, please leave any comment (for example, "bump"), and we'll keep it open. We are sorry that we haven't been able to prioritize it yet. If you have any new additional information, please include it with your comment! |
Closing this issue after a prolonged period of inactivity. If this issue is still present in the latest release, please create a new issue with up-to-date information. Thank you! |
React extension version: 4.4.0
Steps To Reproduce
The current behavior
Extension reports: "This page does not appears to be using React"
The expected behavior
React is detected (just like it is currently in Chrome/Chromium)
The text was updated successfully, but these errors were encountered: