Closed RamonUnch closed 2 years ago
Hi! Thank you for this report, I have an idea what's going on here, but need to find a bit of time to test it.
I have long suspected that something in Palemoon's handling of CSP is more strict than anyone else, it often rejects scripts that should be allowed by the CSP it prints in the same error message.
Not in this case though, the double entries in the list seem like something is buggy. Also, clearly self
should be added as a source or the new override blocks all existing scripts.
Alright, this may be a bit overengineered now, but we should now correctly merge policies even for sites that don't use script integrity by themselves.
Release 1.8 should be rolling out via the updater (if I didn't make a mistake in the update.xml
as in the past releases...), let me know if it works!
Technical details:
I am doing something wrong? I am even supposed to add more websites to the main.js file?
You were doing the correct thing (at least for now: not the most friendly design, but so far most fixes have required dedicated code anyway...), but then a bug in the very simple content-security-policy handling in the addon occured. DeepL sets a frame-ancestors
policy to prevent embedding, which the previous version had interpreted as "CSPs are used, so we must extend them". Adding a script-src
policy that just allows the injected customElements polyfill then essentially blocked all scripts on the site, which is obviously bad :wink:
The policies are now fully parsed and merged, but only if the site used them before.
Amazing work! Thanks so much, DeepL works perfectly now!
I would like first to thanks you about this amazing plugins that helps me to still use Basilisk instead of Chrome/Firefox. A couple of months ago DeepL translator stopped working for me using Pale Moon and Basilisk. I saw as the first error in the F12 errors log:
I thus added those lines to the main.js file, (thinking to be clever):
So the custom element error is gone, however I now got more errors in the log;
So I still cannot use deepl translator, it is a bit sad because I do prefer it over google translate, I thus have to use a separate Firefox windows Just for this page...
I have No knowledge in term of JS programming, so sorry If I am asking something stupid. My question is: Would it be possible to fix the problem? It seems there is an integrity check on the script, maybe there is a way to bypass it? I am doing something wrong? I am even supposed to add more websites to the main.js file?