Don't break when CSP is on in Firefox (#616) #621
Conversation
|
Any chance someone could look at this for us lowly Firefox users? Here is the section in MDN that tells you about evaluating scripts in the content window if it helps. (Also, not sure if I did the browser detection right, not something I try to do normally but maybe unavoidable in an extension). |
|
Hey @chearon Thanks for taking the time and working on it, however I don't think this is the right solution. What I see here is omitting I personally don't set those headers in dev environment, but rather on staging/production, where they actually matter. Have you considered this approach, or am I missing something? :) |
This still works with
That's what I did initially, but we realized that that's a dangerous route to go down because you won't catch CSP issues until after deployment. |
|
Ah, so what you're saying is that Firefox treats |
Yep! I guess Chrome keeps track of where a |
|
Such a lovely quirk :D I'll try to run this solution natively on my mac tomorrow and I'll also confirm firefox detection then :) Hopefully I'll have some time in the evening. |
|
Any update on this? Looks like there are a few other Firefox users after all! |
|
Any update on this? |
|
Would love to see this merged! 👍 |
|
❤️ |
Turns out #616 is specific to Firefox. In Firefox you can to use
window.evalto evaluate on the content window. This tests the browser to see if the script should be evaluated that way, and uses the old behavior for Chrome/Safari.