Re: Overriding the CSP for privileged protocols

2014-06-10 Thread Frederik Braun
There's this bug filed about user overrides for CSPs: https://bugzilla.mozilla.org/show_bug.cgi?id=1014545

Re: Overriding the CSP for privileged protocols

2014-06-07 Thread Tom Schuster
Sounds like you would use nsIDOMWindowUtils.loadSheet for that.
-Tom
On Sat, Jun 7, 2014 at 8:27 PM, L. David Baron wrote:
> On Friday 2014-06-06 00:30 -0700, Matthew Gertner wrote:
> > As things stand, it should be possible for responsible extensions such as ours (we implement our own nsICo

Re: Overriding the CSP for privileged protocols

2014-06-07 Thread L. David Baron
On Friday 2014-06-06 00:30 -0700, Matthew Gertner wrote:
> As things stand, it should be possible for responsible extensions such as ours (we implement our own nsIContentPolicy for our protocol) to do things like inject CSS into pages.
We should probably have mechanisms for addons to inject

Re: Overriding the CSP for privileged protocols

2014-06-06 Thread Matthew Gertner
On Thursday, June 5, 2014 5:50:23 PM UTC+2, Boris Zbarsky wrote:
> The CSP implementation should be using protocol flags here instead of hardcoding (and if it's not, bugs should be filed). And then your protocol can set the relevant flags.
Bug filed: https://bugzilla.mozilla.org/show_bug.cg

Re: Overriding the CSP for privileged protocols

2014-06-06 Thread Matthew Gertner
On Thursday, June 5, 2014 5:50:23 PM UTC+2, Boris Zbarsky wrote:
> The CSP implementation should be using protocol flags here instead of hardcoding (and if it's not, bugs should be filed). And then your protocol can set the relevant flags.
I'll confirm (going to dive deeper into the CSP cod

Re: Overriding the CSP for privileged protocols

2014-06-05 Thread Daniel Veditz
On 6/5/2014 8:50 AM, Boris Zbarsky wrote:
> On 6/5/14, 11:39 AM, Matthew Gertner wrote:
>> The problem is that on sites that enforce their own CSP, the resources may not be loaded. For example, github.com has script-src set to 'self' so it won't load stylesheets via our protocol. Is there any

Re: Overriding the CSP for privileged protocols

2014-06-05 Thread Boris Zbarsky
On 6/5/14, 11:39 AM, Matthew Gertner wrote: Our extension injects styles into webpages via a protocol defined using our own protocol handler using . We have our own nsIContentPolicy which we use to enforce which resources from this protocol can be injected into content pages. The problem is th

Overriding the CSP for privileged protocols

2014-06-05 Thread Matthew Gertner
Our extension injects styles into webpages via a protocol defined using our own protocol handler using . We have our own nsIContentPolicy which we use to enforce which resources from this protocol can be injected into content pages. The problem is that on sites that enforce their own CSP, the re