Pomoc přepytać

Hladajće so wobšudstwa pomocy. Njenamołwimy was ženje, telefonowe čisło zawołać, SMS pósłać abo wosobinske informacije přeradźić. Prošu zdźělće podhladnu aktiwitu z pomocu nastajenja „Znjewužiwanje zdźělić“.

Dalše informacije

In a hacked computer, using Firefox, I see the content-security-policy for chatgpt includes chrome-extension://iaiigpefkbhgjcmcmffmfkpmhemdhdnj Would this extension be installed in the computer?

  • 3 wotmołwy
  • 0 ma tutón problem
  • 2 napohladaj
  • Poslednja wotmołwa wot cor-el

more options

Below is the content-security-policy Firefox loads for chatGPT:

default-src 'self'; script-src 'self' 'nonce-eec8ce04-1f27-4481-8ed6-b8f877eef280' 'wasm-unsafe-eval' chatgpt.com/ces https://*.chatgpt.com https://*.chatgpt.com/ https://*.oaistatic.com https://api.openai.com https://chat.openai.com https://chatgpt.com/ https://chatgpt.com/backend-anon https://chatgpt.com/backend-api https://chatgpt.com/graphql https://chatgpt.com/public-api https://chatgpt.com/voice https://jidori.g1.internal.services.openai.org https://oaistatic.com https://snc.apps.openai.com https://snc.chatgpt.com/backend/se https://tcr9i.chat.openai.com https://tcr9i.chatgpt.com/ wss://*.chatgpt.com wss://*.chatgpt.com/; script-src-elem 'self' 'nonce-eec8ce04-1f27-4481-8ed6-b8f877eef280' 'sha256-RvbVrdDS11FSnQaULCOgXPA5u0nMP2Im1d2pGiRBGC4=' 'sha256-eMuh8xiwcX72rRYNAGENurQBAcH7kLlAUQcoOri3BIo=' auth0.openai.com challenges.cloudflare.com chatgpt.com/ces https://*.chatgpt.com https://*.chatgpt.com/ https://*.oaistatic.com https://api.openai.com https://apis.google.com https://chat.openai.com https://chatgpt.com/ https://chatgpt.com/backend-anon https://chatgpt.com/backend-api https://chatgpt.com/graphql https://chatgpt.com/public-api https://chatgpt.com/voice https://docs.google.com https://jidori.g1.internal.services.openai.org https://js.live.net/v7.2/OneDrive.js https://oaistatic.com https://snc.apps.openai.com https://snc.chatgpt.com/backend/se https://tcr9i.chat.openai.com https://tcr9i.chatgpt.com/ https://www-onepick-opensocial.googleusercontent.com wss://*.chatgpt.com wss://*.chatgpt.com/; img-src * 'self' blob: data: https: https://docs.google.com https://drive-thirdparty.googleusercontent.com https://ssl.gstatic.com; style-src 'self' 'unsafe-inline' chatgpt.com/ces https://*.chatgpt.com https://*.chatgpt.com/ https://*.oaistatic.com https://api.openai.com https://chat.openai.com https://chatgpt.com/ https://chatgpt.com/backend-anon https://chatgpt.com/backend-api https://chatgpt.com/graphql https://chatgpt.com/public-api https://chatgpt.com/voice https://jidori.g1.internal.services.openai.org https://oaistatic.com https://snc.apps.openai.com https://snc.chatgpt.com/backend/se https://tcr9i.chat.openai.com https://tcr9i.chatgpt.com/ wss://*.chatgpt.com wss://*.chatgpt.com/; font-src 'self' data: https://*.oaistatic.com https://fonts.gstatic.com; connect-src 'self' *.oaiusercontent.com api-iam.intercom.io api-js.mixpanel.com browser-intake-datadoghq.com chatgpt.com/ces fileserviceuploadsperm.blob.core.windows.net http://0.0.0.0:* http://localhost:* https://*.chatgpt.com https://*.chatgpt.com/ https://*.oaistatic.com https://api.onedrive.com https://api.openai.com https://chat.openai.com https://chatgpt.com/ https://chatgpt.com/backend-anon https://chatgpt.com/backend-api https://chatgpt.com/graphql https://chatgpt.com/public-api https://chatgpt.com/voice https://content.googleapis.com https://docs.google.com https://events.statsigapi.net https://featuregates.org https://graph.microsoft.com https://jidori.g1.internal.services.openai.org https://oaistatic.com https://snc.apps.openai.com https://snc.chatgpt.com/backend/se https://tcr9i.chat.openai.com https://tcr9i.chatgpt.com/ https://www.googleapis.com o33249.ingest.sentry.io statsigapi.net wss://*.chatgpt.com wss://*.chatgpt.com/ wss://*.intercom.io wss://*.webpubsub.azure.com; frame-src challenges.cloudflare.com https://*.sharepoint.com https://content.googleapis.com https://docs.google.com https://onedrive.live.com https://tcr9i.chat.openai.com https://tcr9i.chatgpt.com/ js.stripe.com; worker-src 'self' blob:; media-src blob: 'self' *.oaiusercontent.com fileserviceuploadsperm.blob.core.windows.net https://cdn.openai.com https://persistent.oaistatic.com; frame-ancestors chrome-extension://iaiigpefkbhgjcmcmffmfkpmhemdhdnj; report-to chatgpt-csp-new; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub1f79f8ac903a5872ae5f53026d20a77c&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=version%3Achatgpt-csp-new

Notice that it includes " frame-ancestors chrome-extension://iaiigpefkbhgjcmcmffmfkpmhemdhdnj"

Would this extension be installed in the computer, kind of like the extensions that are loaded from Chrome (i.e., C:\Users\myUser\AppData\Local\Google\Chrome\User Data\extensions_crx_cache)?

Thanx

Below is the content-security-policy Firefox loads for chatGPT: default-src 'self'; script-src 'self' 'nonce-eec8ce04-1f27-4481-8ed6-b8f877eef280' 'wasm-unsafe-eval' chatgpt.com/ces https://*.chatgpt.com https://*.chatgpt.com/ https://*.oaistatic.com https://api.openai.com https://chat.openai.com https://chatgpt.com/ https://chatgpt.com/backend-anon https://chatgpt.com/backend-api https://chatgpt.com/graphql https://chatgpt.com/public-api https://chatgpt.com/voice https://jidori.g1.internal.services.openai.org https://oaistatic.com https://snc.apps.openai.com https://snc.chatgpt.com/backend/se https://tcr9i.chat.openai.com https://tcr9i.chatgpt.com/ wss://*.chatgpt.com wss://*.chatgpt.com/; script-src-elem 'self' 'nonce-eec8ce04-1f27-4481-8ed6-b8f877eef280' 'sha256-RvbVrdDS11FSnQaULCOgXPA5u0nMP2Im1d2pGiRBGC4=' 'sha256-eMuh8xiwcX72rRYNAGENurQBAcH7kLlAUQcoOri3BIo=' auth0.openai.com challenges.cloudflare.com chatgpt.com/ces https://*.chatgpt.com https://*.chatgpt.com/ https://*.oaistatic.com https://api.openai.com https://apis.google.com https://chat.openai.com https://chatgpt.com/ https://chatgpt.com/backend-anon https://chatgpt.com/backend-api https://chatgpt.com/graphql https://chatgpt.com/public-api https://chatgpt.com/voice https://docs.google.com https://jidori.g1.internal.services.openai.org https://js.live.net/v7.2/OneDrive.js https://oaistatic.com https://snc.apps.openai.com https://snc.chatgpt.com/backend/se https://tcr9i.chat.openai.com https://tcr9i.chatgpt.com/ https://www-onepick-opensocial.googleusercontent.com wss://*.chatgpt.com wss://*.chatgpt.com/; img-src * 'self' blob: data: https: https://docs.google.com https://drive-thirdparty.googleusercontent.com https://ssl.gstatic.com; style-src 'self' 'unsafe-inline' chatgpt.com/ces https://*.chatgpt.com https://*.chatgpt.com/ https://*.oaistatic.com https://api.openai.com https://chat.openai.com https://chatgpt.com/ https://chatgpt.com/backend-anon https://chatgpt.com/backend-api https://chatgpt.com/graphql https://chatgpt.com/public-api https://chatgpt.com/voice https://jidori.g1.internal.services.openai.org https://oaistatic.com https://snc.apps.openai.com https://snc.chatgpt.com/backend/se https://tcr9i.chat.openai.com https://tcr9i.chatgpt.com/ wss://*.chatgpt.com wss://*.chatgpt.com/; font-src 'self' data: https://*.oaistatic.com https://fonts.gstatic.com; connect-src 'self' *.oaiusercontent.com api-iam.intercom.io api-js.mixpanel.com browser-intake-datadoghq.com chatgpt.com/ces fileserviceuploadsperm.blob.core.windows.net http://0.0.0.0:* http://localhost:* https://*.chatgpt.com https://*.chatgpt.com/ https://*.oaistatic.com https://api.onedrive.com https://api.openai.com https://chat.openai.com https://chatgpt.com/ https://chatgpt.com/backend-anon https://chatgpt.com/backend-api https://chatgpt.com/graphql https://chatgpt.com/public-api https://chatgpt.com/voice https://content.googleapis.com https://docs.google.com https://events.statsigapi.net https://featuregates.org https://graph.microsoft.com https://jidori.g1.internal.services.openai.org https://oaistatic.com https://snc.apps.openai.com https://snc.chatgpt.com/backend/se https://tcr9i.chat.openai.com https://tcr9i.chatgpt.com/ https://www.googleapis.com o33249.ingest.sentry.io statsigapi.net wss://*.chatgpt.com wss://*.chatgpt.com/ wss://*.intercom.io wss://*.webpubsub.azure.com; frame-src challenges.cloudflare.com https://*.sharepoint.com https://content.googleapis.com https://docs.google.com https://onedrive.live.com https://tcr9i.chat.openai.com https://tcr9i.chatgpt.com/ js.stripe.com; worker-src 'self' blob:; media-src blob: 'self' *.oaiusercontent.com fileserviceuploadsperm.blob.core.windows.net https://cdn.openai.com https://persistent.oaistatic.com; frame-ancestors chrome-extension://iaiigpefkbhgjcmcmffmfkpmhemdhdnj; report-to chatgpt-csp-new; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub1f79f8ac903a5872ae5f53026d20a77c&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=version%3Achatgpt-csp-new Notice that it includes " frame-ancestors chrome-extension://iaiigpefkbhgjcmcmffmfkpmhemdhdnj" Would this extension be installed in the computer, kind of like the extensions that are loaded from Chrome (i.e., C:\Users\myUser\AppData\Local\Google\Chrome\User Data\extensions_crx_cache)? Thanx

Wšě wotmołwy (3)

more options

Wužitny?

more options

cor-el, I accessed the webpage through https://chatgpt.com, not chat.openai.com.

I found your answer to be unhelpful and lacking depth. The content-security-policy (CSP) I mentioned above seems very suspicious, especially the connect-src http://0.0.0.0:* http://localhost:*. This suggests that a middleman might have modified the settings to reduce Firefox's security warnings.

For reference, here is some information from https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors about the CSP frame-ancestors directive:

The HTTP Content-Security-Policy (CSP) frame-ancestors directive specifies valid parents that may embed a page using `<frame>`, `<iframe>`, `<object>`, or `<embed>`.

Among other, sources can include "scheme-source": A scheme such as http: or https:. The colon is required and the scheme should not be quoted. Data schemes can also be specified (not recommended).

  • data: Allows data: URLs to be used as a content source. This is insecure as an attacker can inject arbitrary data: URLs. Use this sparingly and definitely not for scripts.
  • mediastream: Allows mediastream: URIs to be used as a content source.
  • blob: Allows blob: URIs to be used as a content source.
  • filesystem: Allows filesystem: URIs to be used as a content source.

I guess chrome-extension://iaiigpefkbhgjcmcmffmfkpmhemdhdnj is a scheme source. I am still wondering how Firefox would know where to pull the information from this source?

Wužitny?

more options

The chrome-extension:// protocol is used for Google Chrome extensions and doesn't apply to Firefox (Firefox uses moz-extension://), so if a website thinks that it needs a special CSP rule then you are better of asking this on a GC oriented forum or switch to another website if you disagree.

Wužitny?

Stajće prašenje

Dyrbiće so pola swojeho konta přizjewić, zo byšće na přinoški wotmołwił. Prošu stajće nowe prašenje, jeli hišće wužiwarske konto nimaće.