Content Security Policy: The page's settings blocked the loading of a resource at self ("script-src moz-extension://3bac9b32-3742-477f-aace-3a5be74f3863")


(Temps Jo) #1

Hello,
I had several versions Addon Lecjoa running well on my P.C.
I do not know why they do not work now
it work no more, and I get : Content Security Policy: The page’s settings blocked the loading of a resource at self ("script-src moz-extension://3bac9b32-3742-477f-aace-3a5be74f3863)
is anybody can help me ?
cordially


(Temps Jo) #2

I find :
In the interest of helping others - As mentioned in the bug I entered,
it is a matter of “moz-extension:” existing in the CSP without an actual
host. Once this is removed, the CSP is accepted in full, and the remote
script can be requested fine"

but I do not know, how to do that


(Jorge) #3

Which bug are you referring to? It sounds like you’re running into this one:

https://bugzilla.mozilla.org/show_bug.cgi?id=1267027


(Temps Jo) #4

Hello,
Thank you for the reply and the link
Currently I have no solution.
I hope to find a solution by analyzing the link. And also try to understand why before lecjoa working and now it no longer works


(Temps Jo) #5

Hello,
I found a first solution using:
about: config
in firefox navigation bar
then double click on
security.csp.enable
that turns true to false

But this solution seems a bit restrictive, I continue to look better.


(Jorge) #6

That’s not a great solution, because it disables important security protections on websites.


(Temps Jo) #7

Hello, thank you for the answer.
I think the same thing, this is not a good solution.
Lecjoa was constantly growing and had reached 50 downloads a day before the
blockade. Now there is one download per day, while I improved the content of
the Addon.
I will first provide examples of bases of physical laws of acoustics, and
examples of the visual basic laws. Then I will enlarge the audio bank jo
format that I put online
And finally, I’ll try to find a better solution for the addon can be used
without change rights.
cordially


(Temps Jo) #8

Hello,
a little up.
After days of testing, I concluded that it is impossible to use background.js with firefox 48, even if background.js works fine with firefox 46
Which is why the application lecjoa is stopped working suddenly
I did everything I was asked, in particular, I deleted all the innerHTML tag.
But that changed nothing. I always get
Content Security Policy: The page’s settings blocked the loading of a resource at self ("script-src moz-extension://
I tested the examples in seeking an alternative. But I have not found a solution.
Does anyone know how to open a page HTML without getting this error?
In other words, how to avoid the use of background.js
cordially


(Temps Jo) #9

Hello,
Read and follow the links given by the AMO.
I understood the reason:
js call in background
Once the cause is understood, I found a solution, with variations, depending on the case.
In fact, you must not call js in HTML,
but it has to be js, which monitors what is happening in the HTML
the examples are in the 3.1 lecjoa

The problem is solved
cordially


(Aakash) #10

Then how did you manage to include JS in html? I am also really confused, can you give the relevant link, if any!
Thanks a lot


(Temps Jo) #11

Hello,
thank you for your attention.
Before version 48 of firefox, I used onclick, in the HTML pages
Despite all the help of the AMOs, I did not understand why, my codes were no longer working.
By dint of reading their messages, and learning what the words used meant. I understood and adapted my codes to the new safety standards.
I have three projects under construction.
The first named lecjoa which allows to generate multidirectional video.
The second lecjo which is an audio plugin, some values in the HTML page generates music.
The third allows artists to create their own virtual musical instrument (sound and form).
My short-term goal is to work as a team. Each bringing his knowledge and his perception of the world. Because on my own, I have the impression that nobody understands what I say.
cordially

P.S. example end of .js :slight_smile:function fait() {

document.querySelector(’#filejo’).addEventListener(‘change’, function() {
for (var i = 0; i < this.files.length; i++) {
setupReader(this.files[i]);
}
});
}
/passerelle firefox 48 pour remplacer le bouton d’appel java/
document.addEventListener(“DOMContentLoaded”, function(event) {
fait();
});
/fin passerelle firefox 48/


(Mdnigaralam) #12

Hello,

Write down the below code in .htaccess file of your root directory

<ifModule mod_headers.c>
Header set Content-Security-Policy “default-src * ‘unsafe-inline’ ‘unsafe-eval’; script-src * ‘unsafe-inline’ ‘unsafe-eval’;”
</ifModule>