kylepaulsen / ResourceOverride

An extension to help you gain full control of any website by redirecting traffic, replacing, editing, or inserting new content.
MIT License

Failed to response a json using URL to File #30

Open blockchain1977 opened 5 years ago

blockchain1977 commented 5 years ago

Tried to use URL -> File to replace the response of an ajax call. I set the content of the file as: / mime: application/json / { json content }

Always get error: violates the following Content Security Policy directive: "default-src 'self' https://*.anz.co.nz https://*.anz.com https://*.qualtrics.com".

Detail as below:

[Resource Override] File Override Matched: [Report Only] Refused to connect to 'data:application/json;charset=UTF-8;base64,ew0KICAiYWNjb3VudHMiIDogWyB7DQogICAgImlkIiA6ICJVaGN3ZXJxOCIsDQogICAgImFjY291bnRUeXBlIiA6ICJjdXJyZW50IiwNCiAgICAiY3VzdG9tZXIiIDogIlVocXJydXdyIiwNCiAgICAiYWNjb3VudE51bWJlciIgOiAiMDEtMDc1OS0wMDE2NTE4LTAwIiwNCiAgICAib3JkZXIiIDogMCwNCiAgICAicHJvZHVjdE5hbWUiIDogIkJ1c2luZXNzIEZsZXhpYmxlIEZhY2lsaXR5IiwNCiAgICAiYmFsYW5jZSIgOiB7DQogICAgICAiYW1vdW50IiA6IDMxMDQxLjk3LA0KICAgICAgImN1cnJlbmN5Q29kZSIgOiAiTlpEIiwNCiAgICAgICJjdXJyZW5jeVN5bWJvbCIgOiAiJCIsDQogICAgICAiaW5kaWNhdG9yIiA6...' because it violates the following Content Security Policy directive: "default-src 'self' https://*.anz.co.nz https://*.anz.com https://*.qualtrics.com". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

bernhardriegler commented 4 years ago

I do not think this is an issue of ResourceOverride. Rather, you need to set (or manipulate in another way) the content security policy header set on the page invoking the ajax call. See https://content-security-policy.com/ for more info.

Try adding this to the <head> element:

<meta http-equiv="Content-Security-Policy" content="default-src *;">

You should only do this on non-production sites.
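
Added example, not part of the thread and not Resource Override's code: a simplified JavaScript model of how a browser chooses and matches the CSP directive for an XHR/fetch request, applied to the `data:` URL in the error above. It covers only `connect-src` with `default-src` fallback, `'self'`, `*`, scheme-sources and `*.` host wildcards; the page origin `https://page.example` and the short `data:` payload are constructed placeholders.

```javascript
// Simplified CSP source matching for connect requests (fetch/XHR).
// Models only: default-src fallback, 'self', '*', scheme-sources, host-sources
// with a leading "*." wildcard. Paths, ports, nonces and hashes are not modelled.

function parsePolicy(text) {
  const policy = new Map();
  for (const part of text.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !policy.has(name.toLowerCase())) policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

function sourceMatches(source, url, pageOrigin) {
  const page = new URL(pageOrigin);
  if (source === "'self'") return url.origin === page.origin;
  // '*' covers http(s) and the page's own scheme, not data:, blob: or filesystem:.
  if (source === '*') return ['http:', 'https:', page.protocol].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)/i.exec(source);
  if (!m || !url.hostname) return false; // data: URLs have no host to match
  const [, scheme, wildcard, host] = m;
  if (scheme && url.protocol !== scheme.toLowerCase() + ':') return false;
  const h = host.toLowerCase();
  return wildcard ? url.hostname.endsWith('.' + h) : url.hostname === h;
}

// Returns the directive that decided, and whether this one policy allows the request.
function checkConnect(policyText, target, pageOrigin) {
  const policy = parsePolicy(policyText);
  const directive = policy.has('connect-src') ? 'connect-src'
                  : policy.has('default-src') ? 'default-src' : null;
  if (!directive) return { directive, allowed: true };
  const url = new URL(target);
  const allowed = policy.get(directive).some(s => sourceMatches(s, url, pageOrigin));
  return { directive, allowed };
}

// A request must pass every policy delivered for the page (headers and <meta> alike).
function allowedByAll(policies, target, pageOrigin) {
  return policies.every(p => checkConnect(p, target, pageOrigin).allowed);
}

// Policy text is taken from the error above; origin and payload are constructed.
const SITE = "default-src 'self' https://*.anz.co.nz https://*.anz.com https://*.qualtrics.com";
const PAGE = 'https://page.example';
const DATA_URL = 'data:application/json;base64,e30=';
```

`checkConnect(SITE, DATA_URL, PAGE)` reports that `default-src` decided and refused the request, matching the console message. `allowedByAll` shows that a second, looser policy cannot re-allow a request the first policy refuses.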