Comments (4)
Thanks for reporting the issue! There are a few things here that keep Decentraleyes from injecting local resources. Namely the, relatively new, crossorigin
and integrity
script attributes:
<script src="/jquery.min.js" integrity="sha256-ivk7..." crossorigin="anonymous"></script>
Technically it's a duplicate of #16 and thus a known bug. It affects a relatively small amount of websites that enforce an additional set of rules for loading content. This is being looked into and chances are a permanent solution to this problem will be found within the very near future.
Decentraleyes v1.2.0 has experimental support for whitelisting specific domains (that works as long as a request has referrer information). So, installing that new version and adding "report-uri.io" to the whitelist (inside Add-on Manager preferences) should prevent the website from breaking.
from decentraleyes.
Well... yeah. Prevent injections is the purpose of Subresource Integrity. 😃
But should not the hashes be equal if the file is exactly the same (as it is supposed to be with this addon)?
from decentraleyes.
But should not the hashes be equal if the file is exactly the same [...].
That's a very good observation! The injected code is, of course, fully identical. Bundled files have been stripped of things like source mapping comments, because the actual mapping files are not bundled to save space. Also, by default, Decentraleyes adds comments to injected files to signal local delivery.
A tool to ensure resource integrity is included in the add-on, and is also used by reviewers at Mozilla to make sure the actual code is unaltered. So that's why regular file fingerprints often don't match.
The reason the other attribute crossorigin
causes issues, is because it demands that the responses contain headers that state cross-origin requests are allowed. Decentraleyes currently redirects requests to data URIs
. That particular protocol has nothing to do with HTTP
, so chaos ensues.
That's the problem in a nutshell. Any ideas or suggestions are highly welcome!
from decentraleyes.
@rugk I have since decided to create a bug (1419459
) on Mozilla's bugtracker. Upvotes are welcome.
from decentraleyes.
Related Issues (20)
- Do strict blocking rules break the extension? HOT 5
- Decentraleyes breaks inSCREEN content HOT 3
- Chrome prevents local redirections HOT 3
- Decentraleyes breaks Nextcloud Security Scan HOT 1
- support wordpress specific jquery HOT 5
- Decentraleyes breaks Mes Lieux Paris HOT 2
- Breaks the Gazeta do Povo website HOT 1
- There are various resource hints and directives HOT 4
- Does decentraleyes inject offline cdns when they are blocked by Noscript and PrivacyBadger? HOT 2
- Decentraleyes beaks the FreeBusy website HOT 6
- Error on Chrome HOT 4
- Decentraleyes breaks the Transcend website HOT 2
- Decentraleyes breaks ManualsLib HOT 1
- XHR requests fail due to missing headers HOT 1
- Question: Is any substitute for Safari ?
- Decentraleyes beaks a Path of Exile fansite HOT 2
- Add rules for Chinese mirrors to the FAQ HOT 4
- Update HTTPS Everywhere configuration guide HOT 3
- about:config "show release notes" = false setting is ignored HOT 1
- Missing CDNs
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from decentraleyes.