Open matt-canty-dragon opened 4 years ago
Hi,
Thanks for the bug report!
The Content Security Policy that page sets contains frame-ancestors: 'none';
, so that page can't be hosted in a regular iframe.
According to this page, there's a flag I can add to the iframe that'll make it act as a top-level browsing context, which means that it should prevent this. I'm at work right now, but it's a simple fix so I'll hopefully get to it tonight.
Cheers!
OK. I look forward to it. I tried another extension but I found it interruted my flow by being just a bit too slow... I wonder if yours, being so lean might be quicker. Hope so, looking forward to hearing more.
Okay, so it appears that mozbrowser
isn't available to extensions, and the only viable approach is to modify the request in-flight so the page doesn't know it's in an iframe. I've got that working, but GitHub also uses JS to detect if it's in an iframe, so I need to inject some code into the page to trick it on that front.
Then I need to go through everything and make sure that nothing is leaking outside of the new tab page, because if either of those things were to happen on a regular page that'd be very bad.
Sadly, due to security restrictions, I can no longer use Firefox on the machine associated with this account. However I will be in touch via my personal one!
I am now happily using this on my personal machine. However I am using linktr.ee instead now so the problem has gone away. Let me know if you want me to test anything.
I'm leaving this open as it's still an outstanding issue in the plugin.
I wanted to set up https://github.com/notifications/beta as my homepage. This is blocked by security policy.
Address is set to: moz-extension://4607d0ab-14f4-f04b-8fa1-4c6cf57a1e6b/newtab.html
I ended up switching to this one: https://github.com/cadeyrn/newtaboverride