Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Plugin does not work on pages with content security policy #24

Open
hubendubler opened this issue Oct 31, 2023 · 2 comments
Open

Plugin does not work on pages with content security policy #24

hubendubler opened this issue Oct 31, 2023 · 2 comments

Comments

@hubendubler
Copy link

Hello, I am having problems using the Chrome plugin on a website using Tolgee and a restrictive content security policy.

The plugin injects a script referencing https://cdn.jsdelivr.net/npm/@tolgee/[email protected]/dist/tolgee-in-context-tools.umd.min.js
This is blocked by the browser and can only be circumvented by adding cdn.jsdelivr.net/npm/@tolgee/ to the script-src part of the CSP, but ideally I would like to avoid this on production.

Is there a way for the Chrome plugin to handle the CSP on the pages it is used on?
@stepan662
Copy link
Contributor

Hey, it seems like there is no way around it. You'll have to list it in the script-src.

@stepan662
Copy link
Contributor

I've tried to load the script in the plugin (which works) and then inject it manually into the new script element, but this is also blocked by CSP (and it's also really ugly). If you'd find a way how to go around this, PRs are welcomed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stepan662 @hubendubler