hypothesis / vision

Envisioning the future of the Hypothesis.
https://github.com/hypothesis/vision/issues/

Note that the bookmarklet doesn't work on sites with restrictive CSP #209

Open jean opened 8 years ago

jean commented 8 years ago

E.g. clicking the bookmarklet on a private GitHub repo results in this in the console: Content Security Policy: The page's settings blocked the loading of a resource at self ("script-src https://assets-cdn.github.com").

robertknight commented 8 years ago

Hello @jean. The bookmarklet does work on HTTPS sites but specifically not GitHub and other sites which have strict Content Security Policy settings. The issue is to do with Content Security Policy, which prevents scripts from being loaded from domains outside a whitelist set by GitHub.

jean commented 8 years ago

Ah! Fair enough. I think this (CSP issue) should be mentioned in the "Drag the button into your bookmarks bar then click it to launch the Hypothesis application." popup though.
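
The allow-list check described in the thread above, as an added example that is not part of the original issue or the Hypothesis code: a simplified `script-src` matcher showing why a script from another origin is refused. The directive text comes from the console message; the page URL is constructed and the bookmarklet script URL `https://hypothes.is/embed.js` is an assumption.

```javascript
// Added example: simplified CSP script-src matching (host, scheme and port only).
// Not modelled: nonces, hashes, paths, 'strict-dynamic', explicit default ports.
function effectiveScriptSrc(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored; the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), values);
    }
  }
  // script-src falls back to default-src; null means scripts are unrestricted.
  return directives.get('script-src') ?? directives.get('default-src') ?? null;
}

function sourceMatches(source, page, script) {
  const s = source.toLowerCase();
  if (s === "'self'") return script.origin === page.origin;
  if (s === '*') return script.protocol === 'http:' || script.protocol === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return script.protocol === s; // scheme-only source
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:']+)(?::(\d+|\*))?/.exec(s);
  if (!m) return false; // keyword sources such as 'none' or 'unsafe-inline'
  const [, scheme, host, port] = m;
  // Without a scheme the page's own scheme applies; http sources also match https.
  const wanted = scheme ? scheme + ':' : page.protocol;
  const schemeOk = script.protocol === wanted ||
    (wanted === 'http:' && script.protocol === 'https:');
  const hostOk = host.startsWith('*.')
    ? script.hostname.endsWith(host.slice(1))
    : script.hostname === host;
  const portOk = port === '*' || script.port === (port ?? '');
  return schemeOk && hostOk && portOk;
}

function scriptAllowed(policy, pageUrl, scriptUrl) {
  const sources = effectiveScriptSrc(policy);
  if (sources === null) return true;
  const page = new URL(pageUrl);
  const script = new URL(scriptUrl);
  return sources.some((src) => sourceMatches(src, page, script));
}

// Directive text is taken from the console message; the URLs are constructed.
const POLICY = 'script-src https://assets-cdn.github.com';
const PAGE = 'https://github.com/example-org/private-repo';
const EMBED = 'https://hypothes.is/embed.js'; // assumed bookmarklet script URL

console.log('bookmarklet script allowed:', scriptAllowed(POLICY, PAGE, EMBED));
console.log('CDN script allowed:', scriptAllowed(POLICY, PAGE, 'https://assets-cdn.github.com/app.js'));
```

The same function can be pointed at any site's `Content-Security-Policy` header value to predict whether an injected script tag will load there.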