Bug on FF 77.0? Content Security Policy - The page’s settings is blocking the loading of an inline resource
Hi, I have an add-on that I have developed, and I noticed that since firefox version 77.0, CSP is blocking my inline scripts at resource “script-src”. This doesn't reproduce on firefox version 76 or earlier, and I've read the release notes and I didn't notice any changes that might affect the api. Seems to me like there might be a bug on firefox. Could anyone please check? (please check it on a page with csp for example: https://www.dropbox.com/)
I have attached below a very simple add-on that all it does is to empty all csp headers. You can see that on ff version 77.0 or later I get error message:
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). commons.js:24:16
on previous ff version I don't get this message
Here is the add-on to demonstrate it: https://drive.google.com/file/d/1gCPEgBRZB0WoTF-L_BnrGigvdiaHw-36/view?usp=sharing
Okulungisiwe
All Replies (2)
Add-on questions should be posted in the add-ons forum;
https://discourse.mozilla-community.org/c/add-ons
OK Thanks!