Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Breaks in Firefox browser add-ons (aka browser extensions) #217

Closed
jankoegel opened this issue Dec 20, 2022 · 2 comments
Closed

Breaks in Firefox browser add-ons (aka browser extensions) #217

jankoegel opened this issue Dec 20, 2022 · 2 comments

Comments

@jankoegel
Copy link

jankoegel commented Dec 20, 2022
edited

The Problem

Ideas

  • we think the problem is around the web worker.
  • you cannot normally start a web worker in a browser extension (you cannot even load inline <script>s there, part of the content security policy)
  • the fix suggested here helps to fix a script loading error that only appears in Firefox:
    https://stackoverflow.com/a/64621646
    but we still cannot read QR codes :(
  • things seem to go wrong when setting an event listener on the worker here:

    qr-scanner/src/qr-scanner.ts

    Line 538 in abcfe1b

    qrEngineWorker.addEventListener('message', onMessage);

    Probably this is not permitted in a Firefox browser add-on!?

Help needed

  • does anyone have experience with a similar setup?
  • what else could we do to fix things?
@jankoegel jankoegel mentioned this issue Dec 20, 2022
Closed
4 tasks
@jankoegel
Copy link
Author

jankoegel commented Dec 20, 2022
edited

We fixed it by allowing blob URLs (which is how the worker is loaded by qr-scanner) in the browser add-on's manifest.json's Content Security Policy setting:

- "content_security_policy": "script-src 'self'; object-src 'self'",
+ "content_security_policy": "script-src 'self' blob:; object-src 'self'",

Apparently Chrome doesn't require this.
Found the idea here: https://bugzilla.mozilla.org/show_bug.cgi?id=1294996#c4

Closing this issue now, might help other people running into this issue with Firefox addons later :)

@jankoegel
Copy link
Author

we decided against using QR scanner in our project because we don't want to add unrestricted blob: to our extension's content_security_policy setting.
Related Mozilla bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1294996

@jankoegel jankoegel mentioned this issue Jan 9, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jankoegel