Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Bug on FF 77.0? Content Security Policy - The page’s settings is blocking the loading of an inline resource

  • 2 replies
  • 1 has this problem
  • 46 views
  • Last reply by stas.o1

more options

Hi, I have an add-on that I have developed, and I noticed that since firefox version 77.0, CSP is blocking my inline scripts at resource “script-src”. This doesn't reproduce on firefox version 76 or earlier, and I've read the release notes and I didn't notice any changes that might affect the api. Seems to me like there might be a bug on firefox. Could anyone please check? (please check it on a page with csp for example: https://www.dropbox.com/)

I have attached below a very simple add-on that all it does is to empty all csp headers. You can see that on ff version 77.0 or later I get error message:

Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). commons.js:24:16

on previous ff version I don't get this message

Here is the add-on to demonstrate it: https://drive.google.com/file/d/1gCPEgBRZB0WoTF-L_BnrGigvdiaHw-36/view?usp=sharing

Modified by stas.o1

All Replies (2)

more options

Add-on questions should be posted in the add-ons forum;
https://discourse.mozilla-community.org/c/add-ons

more options

OK Thanks!