StephenCataldo / comment-better

Edit your comment boxes with suggestions from communications experts. Based on react-chrome-extension-boilerplate. Uses Social Media Web Guide as its boilerplate, intended to be packed together (maybe).
GNU General Public License v3.0

Chrome extension security tightening #50

Open StephenCataldo opened 5 years ago

StephenCataldo commented 5 years ago

See: https://thehackernews.com/2018/10/google-chrome-extensions-security.html for Chrome 70.

I'm noticing errors I've never seen before when adding the extension, using 69.0.3497.100.

Learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src

StephenCataldo commented 5 years ago

Ugly, but added these to permissions, not sure if it will help: "http:///", "https:///"

StephenCataldo commented 5 years ago

When I pop the popup, I get this:

Refused to load the script 'chrome-extension://lmhkpmbekcpmknklioeibfkpmmfibljd/js/redux-devtools-extension.js' because it violates the following Content Security Policy directive: "script-src 'self' http://localhost:3000 https://localhost:3000 'unsafe-eval'".

Also/therefore: This does not appear to be running: <div dangerouslySetInnerHTML={{__html: recentGuide}} />. But I'm not sure, skimming and trying to remember old stuff. I think this is probably mvp+1 to fix.... causes the popup's HTML to fail.
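An added example, not part of the thread or the project's code: a simplified `script-src` matcher run against the policy string quoted in the error above, showing how a script from another `chrome-extension://` origin fails the `'self'` check and which entries in the policy are development-only. Assumptions: `PAGE_ORIGIN` is a placeholder for the popup's own extension origin (the thread does not give it), and matching covers only scheme, host and port, not paths, wildcards, nonces or hashes.

```javascript
// Policy string copied from the console error quoted in the thread.
const POLICY = "script-src 'self' http://localhost:3000 https://localhost:3000 'unsafe-eval'";

// Assumption: placeholder origin for the extension's own popup page.
const PAGE_ORIGIN = 'chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa';

// Split a policy into { directiveName: [source, ...] }.
function parsePolicy(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) directives[name.toLowerCase()] = sources;
  }
  return directives;
}

// Origin as scheme://host[:port]. URL.origin is "null" for chrome-extension:
// URLs, so it is rebuilt from protocol and host. Returns null if unparsable.
function originOf(url) {
  try {
    const u = new URL(url);
    return `${u.protocol}//${u.host}`;
  } catch {
    return null; // scheme-only or wildcard sources are out of scope here
  }
}

// True when the script URL's origin matches 'self' or a listed host source.
function scriptAllowed(policy, pageOrigin, scriptUrl) {
  const sources = parsePolicy(policy)['script-src'] || [];
  const origin = originOf(scriptUrl);
  if (origin === null) return false;
  return sources.some((src) => {
    if (src === "'self'") return origin === pageOrigin;
    if (src.startsWith("'")) return false; // keywords such as 'unsafe-eval'
    return originOf(src) === origin;
  });
}

// Sources that loosen the policy and normally belong only in a dev build.
function devOnlySources(policy) {
  const sources = parsePolicy(policy)['script-src'] || [];
  return sources.filter((s) =>
    s === "'unsafe-eval'" || s === "'unsafe-inline'" ||
    /^https?:\/\/localhost(:\d+)?$/.test(s));
}
```

`devOnlySources(POLICY)` lists the entries to strip from the `content_security_policy` of a release build, leaving `script-src 'self'`.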