Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Content-Security-Policy breaks standardebooks.org/ebooks in Firefox #397

Closed
blackspike opened this issue Sep 15, 2024 · 3 comments
Closed

Content-Security-Policy breaks standardebooks.org/ebooks in Firefox #397

blackspike opened this issue Sep 15, 2024 · 3 comments

Comments

@blackspike
Copy link

Hi! The site is broken in Firefox due to CSP errors

2024-09-15T07 44 05

EvalError: call to eval() blocked by CSP
Content-Security-Policy: The page’s settings blocked an inline script (script-src-elem) from being executed because it violates the following directive: “default-src 'self'” [tab.js:1:11329](moz-extension://5e60dc23-ce5d-4331-8b70-40a6d0c8bf38/tab.js)
Content-Security-Policy: The page’s settings blocked a JavaScript eval (script-src) from being executed because it violates the following directive: “default-src 'self'” (Missing 'unsafe-eval')
Source: ;(function n(e,t=!1){const o="6.0";let r… [ebooks](https://standardebooks.org/ebooks)
EvalError: call to eval() blocked by CSP
Content-Security-Policy: The page’s settings blocked a JavaScript eval (script-src) from being executed because it violates the following directive: “default-src 'self'” (Missing 'unsafe-eval')
Source: ;(function n(e){let t=1e3,n=10;function … [ebooks](https://standardebooks.org/ebooks)
TypeError: can't access property "addEventListener", document.body is null
[content_script.js:761:3](moz-extension://b6926198-4b4b-5543-b2b9-e11a135146ce/content_script.js)
Failed to fetch moz-extension://4b6d7cce-c762-411f-b547-bd5805377184/inline/injected.js, Import failed 3 times. Final error: can't access property "nodeName", window.document.body is null
@robinwhittleton
Copy link
Member

Thanks for the report. I suspect an extension of yours is trying to add some JS into the site, which as you can see is blocked by our CSP. Are you seeing a broken site, or just CSP errors?

If the site is broken and you have time, could you try disabling extensions until it starts working, then let us know which one caused the issue? I can then try to debug further.

@blackspike
Copy link
Author

I should have thought of that sorry, yes it was an extension, https://addons.mozilla.org/en-GB/firefox/addon/apollo-developer-tools was the culprit, it works fine with that turned off! Probably not common enough to worry about

@robinwhittleton robinwhittleton mentioned this issue Sep 15, 2024
Open
@robinwhittleton
Copy link
Member

I’m going to close this issue as there’s nothing we‘d want to do to try to fix it, but I’ve opened apollographql/apollo-client-devtools#1519 for the extension authors to have a look at.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@robinwhittleton @blackspike