DarkFlorist / TheInterceptor

The Interceptor is a browser extension that explains what kind of Ethereum transactions you are making
The Unlicense

Brave - refused to execute inline script because it violates the following Content Security Policy directive #15

Closed randomishwalk closed 1 year ago

randomishwalk commented 1 year ago

Brave version: Version 1.46.134 Chromium: 108.0.5359.94 (Official Build) (64-bit)

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' blob: 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-Pno6VqOVhlRXSd0eVB22rNathycbNhTyHseqef92DaU='), or a nonce ('nonce-...') is required to enable inline execution.


<!DOCTYPE html>
<html>
    <head>
        <meta charset = 'utf-8'>
        <link rel = 'icon' type = 'image/x-icon' href = 'favicon.ico'>
    </head>
    <body style = 'width: 520px; height: 400px;'>
        <script async type = 'module' src = '../vendor/es-module-shims/es-module-shims.wasm.js'></script>
        <script type = 'importmap'>
        {
            "imports": {
                "ethers": "../vendor/ethers/ethers.esm.js",
                "webextension-polyfill": "../vendor/webextension-polyfill/browser-polyfill.js",
                "es-module-shims": "../vendor/es-module-shims/es-module-shims.js",
                "preact": "../vendor/preact/preact.module.js",
                "preact/jsx-runtime": "../vendor/preact/jsx-runtime/jsxRuntime.module.js",
                "preact/hooks": "../vendor/preact/hooks/hooks.module.js",
                "funtypes": "../vendor/funtypes/index.mjs",
                "node-fetch": "../vendor/node-fetch/index.mjs",
                "@zoltu/ethereum-abi-encoder": "../vendor/@zoltu/ethereum-abi-encoder/index.js",
                "@zoltu/ethereum-crypto": "../vendor/@zoltu/ethereum-crypto/index.js",
                "@zoltu/rlp-encoder": "../vendor/@zoltu/rlp-encoder/index.js",
                "@darkflorist/address-metadata": "../vendor/@darkflorist/address-metadata/index.js"
            }
        }
    </script>

        <main>Loading...</main>

        <script type = 'module' src = '../js/background/background.js'></script>
    </body>
</html>


randomishwalk commented 1 year ago

Additionally this one:

Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' blob: 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-RV4dt67B/u5FCyevL+g5SoVLJIS/WDXabFzgEF4oL7U='), or a nonce ('nonce-...') is required to enable inline execution.


<!DOCTYPE html>
<html style = 'background-color: var(--bg-color); overflow-y: inherit;'>
    <head>
        <meta charset = 'utf-8'>
        <link rel = 'icon' type = 'image/x-icon' href = 'favicon.ico'>
    </head>
    <body style = 'width: 520px; height: 400px; background-color: var(--bg-color); max-width: 520px; margin: auto;'>
        <meta name = 'viewport' content = 'width = device-width, initial-scale = 1' />
        <link rel = 'stylesheet' type = 'text/css' href = '../css/bulma.css' />
        <link rel = 'stylesheet' type = 'text/css' href = '../css/bulma-divider.css' />
        <link rel = 'stylesheet' type = 'text/css' href = '../css/interceptor.css' />
        <script src = '../vendor/webextension-polyfill/browser-polyfill.js'></script>
        <script async type = 'module' src = '../vendor/es-module-shims/es-module-shims.wasm.js'></script>
        <script type = 'importmap'>
        {
            "imports": {
                "ethers": "../vendor/ethers/ethers.esm.js",
                "webextension-polyfill": "../vendor/webextension-polyfill/browser-polyfill.js",
                "es-module-shims": "../vendor/es-module-shims/es-module-shims.js",
                "preact": "../vendor/preact/preact.module.js",
                "preact/jsx-runtime": "../vendor/preact/jsx-runtime/jsxRuntime.module.js",
                "preact/hooks": "../vendor/preact/hooks/hooks.module.js",
                "funtypes": "../vendor/funtypes/index.mjs",
                "node-fetch": "../vendor/node-fetch/index.mjs",
                "@zoltu/ethereum-abi-encoder": "../vendor/@zoltu/ethereum-abi-encoder/index.js",
                "@zoltu/ethereum-crypto": "../vendor/@zoltu/ethereum-crypto/index.js",
                "@zoltu/rlp-encoder": "../vendor/@zoltu/rlp-encoder/index.js"
            }
        }
    </script>

        <main>Loading...</main>

        <script type = 'module' src = '../js/interceptorAccess.js'></script>
    </body>
</html>


MicahZoltu commented 1 year ago

I believe this is an ignorable error and should go away once Brave implements import maps. We are using an importmap polyfill at the moment, and once Brave adds support it should automatically switch over to using built-in over the polyfill.

Going to leave this open until someone on the team can verify this, but we'll probably close it if my assertions above are correct.
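Added example, not part of the original thread or the project's code: a Node.js sketch of the decision behind the error message quoted in the reports above, namely whether an inline script is permitted by a `script-src` source list through a matching hash, a nonce, or `'unsafe-inline'`. The policy string is the one from the error message; the import map body, function names and nonce parameter are constructed for illustration, and only these three mechanisms are modelled.

```javascript
const { createHash } = require('node:crypto');

// Policy string as quoted in the error message on this page.
const PAGE_POLICY = "script-src 'self' blob: 'unsafe-eval'";
// Constructed, abbreviated import map body (not the exact bytes from the page).
const SAMPLE_IMPORT_MAP = '{"imports":{"preact":"../vendor/preact/preact.module.js"}}';

// A CSP hash source covers the exact text between <script> and </script>,
// so indentation and newlines are part of the hashed input.
function cspHash(inlineBody) {
    const digest = createHash('sha256').update(inlineBody, 'utf8').digest('base64');
    return `'sha256-${digest}'`;
}

// Return the source list of one directive, or null if the policy lacks it.
function directiveSources(policy, name) {
    for (const part of policy.split(';')) {
        const [directive, ...sources] = part.trim().split(/\s+/);
        if (directive.toLowerCase() === name) return sources;
    }
    return null;
}

function checkInline(policy, inlineBody, nonce) {
    // script-src falls back to default-src when it is absent.
    const sources = directiveSources(policy, 'script-src')
        ?? directiveSources(policy, 'default-src');
    if (sources === null) return { allowed: true, reason: 'no applicable directive' };

    const hash = cspHash(inlineBody);
    if (sources.includes(hash)) return { allowed: true, reason: `matched ${hash}` };
    if (nonce && sources.includes(`'nonce-${nonce}'`)) {
        return { allowed: true, reason: 'matched nonce' };
    }
    // 'unsafe-inline' is ignored once any hash or nonce source is listed.
    const hasHashOrNonce = sources.some(s => /^'(sha(256|384|512)|nonce)-/.test(s));
    if (sources.includes("'unsafe-inline'") && !hasHashOrNonce) {
        return { allowed: true, reason: "'unsafe-inline'" };
    }
    return { allowed: false, reason: `no match; computed ${hash}` };
}

console.log(checkInline(PAGE_POLICY, SAMPLE_IMPORT_MAP));
console.log(checkInline(`${PAGE_POLICY} ${cspHash(SAMPLE_IMPORT_MAP)}`, SAMPLE_IMPORT_MAP));
```

Because the hash is taken over the exact script text, reformatting an inline block changes its hash and an allowlisted value stops matching.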