Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MV3 CSP Blocking Reddit media player #5511

Closed
benmcgarry opened this issue Mar 29, 2024 · 5 comments · Fixed by #5512
Closed

MV3 CSP Blocking Reddit media player #5511

benmcgarry opened this issue Mar 29, 2024 · 5 comments · Fixed by #5512

Comments

@benmcgarry
Copy link
Collaborator

benmcgarry commented Mar 29, 2024
edited

Refused to load the script 'https://www.redditstatic.com/videoplayer.XCrwE8Bi5A4.js' because it violates the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval' 'inline-speculation-rules'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

https://github.com/honestbleeps/Reddit-Enhancement-Suite/blob/master/lib/utils/pageContextScript.js

Stack trace points here:

Reddit-Enhancement-Suite/lib/modules/showImages.js

Lines 460 to 476 in 580e8ea

module.onInit = () => {
if (isAppType('r2')) {
// We'll probably replace Reddit's video player, so disable the script containing it for now
// This happens on `onInit` since RES' options load slower than the script's
const preventVideoPlayerScriptTasks = [
stopPageContextScript(script => (/^\/?videoplayer\./).test(new URL(script.src, location.origin).pathname), 'head', true),
// Reddit loads scripts which initializes the video player, which will cause a slowdown if not blocked
stopPageContextScript(script => !!script.innerHTML.match('RedditVideoPlayer'), PagePhases.contentStart.then(() => document.querySelector('#siteTable')), false),
];
loadOptions.then(() => {
// We might need to restore the native player
const removeNativePlayer = Modules.isRunning(module) && isSiteModuleEnabled(vreddit) && vreddit.options && vreddit.options.forceReplaceNativeExpando.value;
if (!removeNativePlayer) forEachSeq(preventVideoPlayerScriptTasks, ({ undo }) => undo());
});
}
};

@benmcgarry
Copy link
Collaborator Author

Appears https://github.com/honestbleeps/Reddit-Enhancement-Suite/blob/master/lib/modules/hosts/vreddit.js is pulling in a external script and MV3 doesnt allow that anymore.

@benmcgarry
Copy link
Collaborator Author

@larsjohnsen did we remove DASH js? 7fd526f#diff-56fcec0ae3a2599374d046db2cab20da5ffbd482ad4c6c8e609f9468eb550a08

@larsjohnsen
Copy link
Collaborator

larsjohnsen commented Mar 29, 2024
edited

No, but it it is added directly via build.js.

The onInit block in showImages had, as far as I can remember, no side effects other than some performance improvements, so I think we might as well remove it.

@benmcgarry
Copy link
Collaborator Author

benmcgarry commented Mar 29, 2024
edited

Removing that onInit block may have fixed it... Not able to repro it anymore and no CSP error. It looks like Reddits advert block might have been messing with it.

@benmcgarry benmcgarry mentioned this issue Mar 29, 2024
Merged
@benmcgarry
Copy link
Collaborator Author

Looking at 507c0b2

I think its because theyve started to run ads through the same domain with a different player.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove showImages onInit benmcgarry/Reddit-Enhancement-Suite
2 participants
@larsjohnsen @benmcgarry