-
-
Notifications
You must be signed in to change notification settings - Fork 7
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug] CSP error #89
Comments
2022.08.15.01 shloud solve the problem |
Hi, I already test the line "@connect discord.com" but it doesn't work. Kind regards. |
Related to CSP Policy. The current Waze CSP Policy can contact SpreadSheets, but not Discord, Slack, Telegram and so On... We Will have to add a WME-send-to-slack/WME-send-to-slack.user.js Lines 192 to 226 in cc42226
|
Actually, reviewing it, the previous shared code it's OK. We just have to replace the AJAX with WME-send-to-slack/WME-send-to-slack.user.js Lines 521 to 536 in cc42226
and this WME-send-to-slack/WME-send-to-slack.user.js Lines 555 to 574 in cc42226
even WME-send-to-slack/WME-send-to-slack.user.js Lines 597 to 606 in cc42226
and finally WME-send-to-slack/WME-send-to-slack.user.js Lines 616 to 624 in cc42226
This requires further dev, and implementation. Sorry, this will take time. |
Required @connect slack.com
@connect discordapp.com
@connect discord.com
@connect telegram.org
@connect google.com This will be for Google Forms, Slack, Discord and Telegram |
I have sent a request to Staff to modify their current CSP Policy to add: discordapp.com
discord.com
api.telegram.org
hooks.slack.com Let's wait for them before having to use the |
This issue is in Prod, lets wait for Staff until making the required changes. |
Staff Response:
|
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward? |
This issue has been automatically closed because it has not had any comments for a while, feel free to reopen it if needed |
[ x ] I've tryied to disable every other scripts
[ x ] I've updated the Browser
[ x ] I've updated Tampermonkey/GreaceMonkey
[ x ] I've updated the script to the latest
Describe the bug
When i tried to use STS script, script said that the request is send but in discord app we can't found it. After many test i observed that there is an error with the content security policy.
In the console of developer tool, we obtain this error :
Refused to connect to https://discord.com/api/[REDACTED]/slack' because it violates the following Content Security Policy directive: "connect-src 'self' editor-assets.waze.com www.google-analytics.com storage.googleapis.com maps.googleapis.com www.googleapis.com stats.g.doubleclick.net clouderrorreporting.googleapis.com sheets.googleapis.com docs.google.com tigerweb.geo.census.gov services.arcgis.com"
Desktop (please complete the following information):
Additional context
For solving this issue temporary, I've set
Modify existing content security policy (CSP) headers
toRemove entirely (possibly unsecure)
The text was updated successfully, but these errors were encountered: