Content-Security-Policy (CSP) warning #624

da2x · 2018-11-17T00:15:31Z

Visit a web page with a strict CSP such as Content-Security-Policy: default-src: none. (This works as a test page.)

The extension generates a console error message:

Content Security Policy: The page’s settings blocked the loading of a resource at inline (“default-src”).

I have a ton of extensions with content scripts installed, and this is the only one that triggers CSP warnings. I’ve not analyzed what IPFS Companion is doing that causes the warning.

Firefox Nightly 65.0a1 (2018-11-16)

The text was updated successfully, but these errors were encountered:

lidel · 2018-11-21T17:42:45Z

Good catch @da2x!

I am quite sure this is caused by window.ipfs experiment, which injects API via customized instance of ipfs-postmsg-proxy. We will look into this warning as a part of #589 and milestone/15.

For now, try disabling it on Preferences screen:

The error should go away.

lidel · 2020-10-19T18:38:59Z

Closing due to #589 (comment)

lidel added this to the window.ipfs 2.0 milestone Nov 21, 2018

lidel added status/deferred Conscious decision to pause or backlog P4 - Very Low labels Nov 21, 2018

jessicaschilling added P3 Low: Not priority right now and removed P4 - Very Low labels Mar 30, 2020

lidel closed this as completed Oct 19, 2020

karmanyaahm mentioned this issue Jun 13, 2021

Content Security Policy Error when loading scripts hosted on IPFS #1008

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Content-Security-Policy (CSP) warning #624

Content-Security-Policy (CSP) warning #624

da2x commented Nov 17, 2018

lidel commented Nov 21, 2018

lidel commented Oct 19, 2020

Content-Security-Policy (CSP) warning #624

Content-Security-Policy (CSP) warning #624

Comments

da2x commented Nov 17, 2018

lidel commented Nov 21, 2018

lidel commented Oct 19, 2020