Comments (2)
Hi @beardog108, thanks for sharing your findings.
This is indeed true, and a fix is underway. As a first step, the plan is to automatically identify domains that run strict policies, and then treat any of their required resources as missing.
There is an active prototype that internally marks domains tainted if the DOM node responsible for the request has a crossorigin or an integrity attribute, or if it's inside of an iframe.
It might also be an idea to try and make the add-on detect CSP errors caused by injected resources and mark the corresponding domain as tainted, which has not yet been prototyped.
This should give the project some breathing space, as very few domains are currently affected by such policies. Any ideas or suggestions (in the form of comments, or Pull Requests) are welcome.
I'll tag this as a duplicate of #16 to keep the discussion in one place.
Thanks again for contributing, much appreciated!
from decentraleyes.
@beardog108 I've decided to create a bug (1419459) on Mozilla's bugtracker. Upvotes are welcome.
from decentraleyes.
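The tainting heuristic described in the first comment, sketched as an added example (not Decentraleyes code and not written by the maintainer). The function names, the plain-object stand-in for the DOM node and the bundled-resource map are all hypothetical and constructed for illustration.

```javascript
// Added illustration of the "tainted domain" idea from the thread.
// Constructed map: CDN host + path -> locally bundled copy.
const BUNDLED = new Map([
  ['cdn.example/lib/1.0.0/lib.min.js', 'bundled/lib-1.0.0.js'],
]);

// Page hostnames observed to run strict policies.
const tainted = new Set();

// node is a plain-object stand-in for the DOM element behind the request:
// { attributes: { name: value, ... }, inIframe: boolean }
function isStrictNode(node) {
  const names = Object.keys(node.attributes || {}).map((n) => n.toLowerCase());
  return names.includes('integrity') ||
         names.includes('crossorigin') ||
         node.inIframe === true;
}

// Returns the bundled path to serve, or null to let the request reach the CDN.
function resolve(pageUrl, requestUrl, node) {
  const pageHost = new URL(pageUrl).hostname;
  if (isStrictNode(node)) {
    tainted.add(pageHost); // remembered for every later request from this host
  }
  if (tainted.has(pageHost)) {
    return null; // treat the required resource as missing
  }
  const target = new URL(requestUrl);
  return BUNDLED.get(target.hostname + target.pathname) || null;
}

// Constructed sample requests: one plain page, one using SRI, one framed.
function demo() {
  const lib = 'https://cdn.example/lib/1.0.0/lib.min.js';
  return [
    resolve('https://plain.example/', lib, { attributes: {} }),
    resolve('https://strict.example/', lib,
      { attributes: { integrity: 'sha384-CONSTRUCTED' } }),
    resolve('https://strict.example/other', lib, { attributes: {} }),
    resolve('https://framed.example/', lib, { attributes: {}, inIframe: true }),
  ];
}
```

The third request carries no strict attribute but is still passed through, because the taint is recorded per page host rather than per request.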