Can't install scripts on Firefox

[James-E-A]

It seems that #2631 has reared its head again:

• GM 4.7 (I think)
• Firefox 64.0.2
• Toggling security.csp.enable worked in neither state
• Tampermonkey works with the same URL on another profile
• uBlock Origin is installed, but disabled for the entire TLD
• Restarting the browser didn't fix it

what other details do you need so I can get click-to-install *://*/*.user.js?

[Sxderp]

What's the Content-Type header for the page?

[arantius]

https://wiki.greasespot.net/Greasemonkey_Manual:Getting_Help#What_to_Say

Exactly which script, if any, is causing a problem? Give an exact name, and if at all possible, the URL where it can be found.

[James-E-A]

What's the Content-Type header for the page?

Ah...it's unfortunately looking like just text/plain

Give an exact name, and if at all possible, the URL where it can be found.

Here's a public URL: https://try.gitea.io/JamesTheAwesomeDude/dir-655-tweaks/raw/branch/stable/dir-655-tweaks.user.js

---

now, NB: one of these URLs being edited in as the @downloadURL works for updating; I just can't install directly from such a URL

[James-E-A]

ALSO: it seems that Content-Type is not the culprit here!

In the process of drafting an issue for Gitea (assuming it was "their problem" of the server not sending the required headers), I found out that GH doesn't send a different header!

GitHub's response headers (the ones that Greasemonkey DOES recognize as installable):

Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
ETag: "05102e3b0466f138003e2c4d71e38582c631b123"
Content-Type: text/plain; charset=utf-8
Cache-Control: max-age=300
X-Geo-Block-List:
X-GitHub-Request-Id: 7AB2:67AB:350E6F:383110:5C4B708F
Content-Length: 245181
Accept-Ranges: bytes
Date: Fri, 25 Jan 2019 20:27:21 GMT
Via: 1.1 varnish
Connection: keep-alive
X-Served-By: cache-mdw17326-MDW
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1548448041.371479,VS0,VE1
Vary: Authorization,Accept-Encoding
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: d16c8710d1dc9173434529ef7cab72b624865df2
Expires: Fri, 25 Jan 2019 20:32:21 GMT
Source-Age: 154

Gitea's (the ones Greasemonkey does NOT recognize—but that Tampermonkey DOES):

cache-control: public,max-age=86400
content-type: text/plain; charset=utf-8
date: Fri, 25 Jan 2019 20:29:46 GMT
set-cookie: lang=en-US; Path=/; Max-Age=2147483647
set-cookie: i_like_gitea=9297a5fea92eac79; Path=/; HttpOnly
set-cookie: _csrf=j3f-15_PUD9y5KgPdBzv1rk4lns6MTU0ODQ0OXE4NjQ0MzkzMzY3NQ%3D%3D; Path=/; Expires=Sat, 26 Jan 2019 20:29:46 GMT; HttpOnly
x-frame-options: SAMEORIGIN
content-length: 721

[Sxderp]

Looks like a login / request cookie of some sort. Which may be the culprit. If I recall correctly Greasemonkey doesn't send any additional cookies causing logins to break. This may have been fixed, not sure.

[arantius]

So #2823 ?

[James-E-A]

No; this userscript does not need cookies or a login of any kind to access. Plain old curl or wget can snatch it just fine without a cookie jar or anything. This is not a duplicate of #2823.

[James-E-A]

And what's interesting is, I think it might be a regression bug; I am logged into a computer this evening that's got GreaseMonkey 3.9.2 (on Pale Moon 28.2.2), and it can install from the exact same Gitea server that the FF64/GM4.7 computer couldn't

[Sxderp]

There's been major changes from 3.x to 4.x.

Looking at the detection code, enumerating possibilities.

• Our trigger condition is {'urls': ['*://*/*.user.js'], 'types': ['main_frame']} which you seem to meet.
• Your addon is globally enabled.
• Content-Type is spelt correctly and is one of the valid types.
• Request type must be GET ?

Is the browser, for some reason, sending a request other then GET? The conditionals for triggering are pretty simple. If the three conditionals in the above linked code pass then the other problem would be a hard error in the dialogue opening code. Is there anything in the browser console?

[makyen]

@JamesTheAwesomeDude I am unable to reproduce this issue. The URL you provided appears to install the script just fine with FF65.0.2/GM4.7.

Have you changed something, or has something changed, on the server that URL points to? Is this something you are still able to reproduce?

[tastytea]

I experience the same issue with the try.gitea.io link above and with a script on my own instance.

Firefox: 67.0
Greasemonkey: 4.8

% curl -I https://schlomp.space/tastytea/userscripts/raw/branch/main/fediverse/mastodon_cw_toggle.user.js
HTTP/1.1 200 OK
Server: nginx/1.16.0
Date: Mon, 27 May 2019 17:01:46 GMT
Content-Type: text/plain; charset=utf-8
Connection: keep-alive
Keep-Alive: timeout=20
Cache-Control: public,max-age=86400
Set-Cookie: lang=en-US; Path=/; Max-Age=2147483647
Set-Cookie: i_like_gitea=c7de2421629c2f2d; Path=/; HttpOnly
Set-Cookie: _csrf=4iRJK2LPEG4e3sbtTWUrZ0V0VEk6MTU1ODk3NjUwNjUwOTY4MzU2Nw%3D%3D; Path=/; Expires=Tue, 28 May 2019 17:01:46 GMT; HttpOnly
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31557600; includeSubDomains
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1
Referrer-Policy: same-origin

There is nothing in the browser console.

[tastytea]

Hmm, it works reliably in a private window. My extensions are all allowed in private windows.

[tastytea]

I don't know if this is connected, but if I try to update the same userscript, I get the error “Error while searching for new version” (translated) and this is in the browser console:

Sending message that cannot be cloned. Are you trying to send an XPCOM object? MessageChannel.jsm:968:15
error occurred while processing 'sources: TypeError: can't access dead object
Stack: webExtensionTargetPrototype._allowSource@resource://devtools/server/actors/targets/webextension.js:293:5
TabSources/this.allowSource@resource://devtools/server/actors/utils/TabSources.js:25:39
_addSource@resource://devtools/server/actors/thread.js:1663:23
onSources@resource://devtools/server/actors/thread.js:1077:12
onPacket@resource://devtools/server/main.js:1291:58
receiveMessage@resource://devtools/shared/transport/child-transport.js:66:16
Line: 293, column: 5 main.js:1160
    _unknownError resource://devtools/server/main.js:1160
    onPacket resource://devtools/server/main.js:1294
    receiveMessage resource://devtools/shared/transport/child-transport.js:66

I get this error in “normal” windows and in private windows. I don't get an error with userscripts from other sites.