Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

Bug on FF 77.0? Content Security Policy - The page’s settings is blocking the loading of an inline resource

  • 2 uphendule
  • 1 inale nkinga
  • 7 views
  • Igcine ukuphendulwa ngu stas.o1

more options

Hi, I have an add-on that I have developed, and I noticed that since firefox version 77.0, CSP is blocking my inline scripts at resource “script-src”. This doesn't reproduce on firefox version 76 or earlier, and I've read the release notes and I didn't notice any changes that might affect the api. Seems to me like there might be a bug on firefox. Could anyone please check? (please check it on a page with csp for example: https://www.dropbox.com/)

I have attached below a very simple add-on that all it does is to empty all csp headers. You can see that on ff version 77.0 or later I get error message:

Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). commons.js:24:16

on previous ff version I don't get this message

Here is the add-on to demonstrate it: https://drive.google.com/file/d/1gCPEgBRZB0WoTF-L_BnrGigvdiaHw-36/view?usp=sharing

Hi, I have an add-on that I have developed, and I noticed that since firefox version 77.0, CSP is blocking my inline scripts at resource “script-src”. This doesn't reproduce on firefox version 76 or earlier, and I've read the release notes and I didn't notice any changes that might affect the api. Seems to me like there might be a bug on firefox. Could anyone please check? (please check it on a page with csp for example: https://www.dropbox.com/) I have attached below a very simple add-on that all it does is to empty all csp headers. You can see that on ff version 77.0 or later I get error message: Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). commons.js:24:16 on previous ff version I don't get this message Here is the add-on to demonstrate it: https://drive.google.com/file/d/1gCPEgBRZB0WoTF-L_BnrGigvdiaHw-36/view?usp=sharing

Okulungisiwe ngu stas.o1

All Replies (2)

more options

Add-on questions should be posted in the add-ons forum;
https://discourse.mozilla-community.org/c/add-ons