[x] I performed a cursory search of the issue tracker to avoid opening a duplicate issue
Your issue may already be reported.
I tried to reproduce the issue when...
[x] uBlock Origin is the only extension
[x] uBlock Origin with default lists/settings
[x] using a new, unmodified browser profile
[x] I am running the latest version of uBlock Origin
[x] I checked the documentation to understand that the issue I report is not a normal behavior
Description
uBO causes a CSP violation on page load when I have a CSP containing script-src: 'self'.
The problem still occurs when uBO is the only extension loaded and is "disabled" via the big button. I have no filters set.
This appears to be Safari-specific: I can't reproduce it in Chrome.
Prerequisites
Description
uBO causes a CSP violation on page load when I have a CSP containing
script-src: 'self'
. The problem still occurs when uBO is the only extension loaded and is "disabled" via the big button. I have no filters set.This appears to be Safari-specific: I can't reproduce it in Chrome.
A specific URL where the issue occurs
https://www.smartmessages.net/login.php
Steps to Reproduce
It breaks on line 612 of vapi-client.js:
It's breaking on my CSP, which contains
script-src: 'self'
; all my scripts are external, no unsafe-inline or unsafe-eval scripts are allowed.If I disable uBO altogether, the error does not occur.
Expected behavior:
uBlock avoids tripping this CSP rule.
Actual behavior:
uBlock trips this CSP rule.
Your environment