fix: CSP Restriction for TrustedTypePolicy Creation in Loading Indicator

PlasmoHQ / plasmo

🧩 The Browser Extension Framework

https://www.plasmo.com

MIT License

8.84k stars 314 forks source link

fix: CSP Restriction for TrustedTypePolicy Creation in Loading Indicator #986

Closed HT808s closed 4 weeks ago

HT808s commented 1 month ago

Details

This PR aimes to fix the issue https://github.com/PlasmoHQ/plasmo/issues/985

Code of Conduct

[X] I agree to follow this project's Code of Conduct
[X] I agree to license this contribution under the MIT LICENSE
[X] I checked the current PR for duplication.

Contacts

(OPTIONAL) Discord ID:

If your PR is accepted, we will award you with the Contributor role on Discord server.

To join the server, visit: https://www.plasmo.com/s/d

R-iskey commented 1 month ago

When is it planned to merge?

gBusato commented 4 weeks ago

Please merge it since it's quite an issue while developing

louisgv commented 4 weeks ago

Thanks for the PR! Will merge soon!

axelschapmann commented 4 weeks ago

Do you know when this problem will be solved?

I still have the error on my side. Although I have update plasmo for my project with pnpm up -L plasmo

OFNEILL commented 4 weeks ago

Has this been pushed to pnpm as well?

R-iskey commented 4 weeks ago

Is it fix the issue on dev runtime? Refused to create a TrustedTypePolicy named 'trusted-html-__plasmo-loading__' because it violates the following Content Security Policy directive: "trusted-types 'allow-duplicates' default jSecure highcharts dompurify".

louisgv commented 3 weeks ago

@OFNEILL yes it's pushed to the registry

louisgv commented 3 weeks ago

Is it fix the issue on dev runtime? Refused to create a TrustedTypePolicy named 'trusted-html-__plasmo-loading__' because it violates the following Content Security Policy directive: "trusted-types 'allow-duplicates' default jSecure highcharts dompurify".

Hmm, I think if the user has multiple CSUI, this fix will not work because it will try to inject multiple loaders simultaneously... :-?..... @HT808s

axelschapmann commented 3 weeks ago

I still have the error on my side @louisgv , even with the latest version of Plasmo.

-> it occurs on LinkedIn

Refused to create a TrustedTypePolicy named 'trusted-html-__plasmo-loading__' because it violates the following Content Security Policy directive: "trusted-types 'allow-duplicates' default jSecure highcharts dompurify". Uncaught TypeError: Failed to execute 'createPolicy' on 'TrustedTypePolicyFactory': Policy "trusted-html-__plasmo-loading__" disallowed.

The error occurs on the home page, but if you go to a more specific url, like "https://www.linkedin.com/blog/member". There is no more error (i don't know if it helps)

R-iskey commented 3 weeks ago

@axelschapmann correct, it working on "https://www.linkedin.com/blog/member" but home and user's profile page still throw this error

agungjk commented 3 weeks ago

i create a hotfix for this issue on this PR #1000 you can test or use my bugfix

clone the repo git clone git@github.com:agungjk/plasmo.git --recurse-submodules
install dependency pnpm install
build the repo pnpm run build:cli
go to the folder cd cli/plasmo and link the runtime pnpm link --global
you can test it by running plasmo dev instead of pnpm run dev on your plasma project