Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

`embed-gist-inline` fails on Firefox #2022

Open
bfred-it opened this issue May 11, 2019 · 3 comments

Comments

Projects
None yet
2 participants
@bfred-it
Copy link
Collaborator

commented May 11, 2019

  1. Visit #1579
  2. See "embed failed"

Repository owner deleted a comment from algern9n May 12, 2019

Repository owner deleted a comment from algern9n May 12, 2019

@dotconnor

This comment has been minimized.

Copy link
Contributor

commented May 12, 2019

Looks like this is an issue when Chrome instead. Firefox blocks the request because of CSP. Chrome, however, allows it, but it seems as though it only allows the request when it is executed in an extension context only.

Relevant Error from Firefox:

Content Security Policy: The page’s settings blocked the loading of a resource at https://gist.github.com/sompylasar/99b5d307da3168b833c1119fb95caf11.json (“connect-src”).
TypeError: NetworkError when attempting to fetch resource.

TypeError: "NetworkError when attempting to fetch resource."
    embedGist embed-gist-inline.tsx:20
    embed_gist_inline_init embed-gist-inline.tsx:49
    features_run features.tsx:124
    add features.tsx:192
    onAjaxedPages features.tsx:59
    onAjaxedPagesRaw features.tsx:53
    onAjaxedPages features.tsx:57
    add features.tsx:192
    ts embed-gist-inline.tsx:52

Github's connect-src policy for reference:

'self'
uploads.github.com
www.githubstatus.com
collector.githubapp.com
api.github.com
www.google-analytics.com
github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com
github-production-upload-manifest-file-7fdce7.s3.amazonaws.com
github-production-user-asset-6210df.s3.amazonaws.com
wss://live.github.com
@bfred-it

This comment has been minimized.

Copy link
Collaborator Author

commented May 13, 2019

We had this issue before, it may be worth finding the bugzilla page to see the status of this limitation and if they’re gonna fix it soon. It’s probably not worth setting up messaging with background.js just for this

@bfred-it

This comment has been minimized.

Copy link
Collaborator Author

commented May 13, 2019

This is a weird bug because technically "Content script requests happen in the context of extension, not content page" in Firefox, but then the content page's CSP applies to said requests. The worst of both worlds.

Perhaps the solution is to add a CSP to the extension itself, but I don't think that's currently possible

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.