Closed tiblu closed 3 years ago
The extension needs to inject the TokenSigning function so that we don't break the implementation on existing websites. What we can do is allow websites to add the page script by themselves and before the extension injects the page script, it checks the website if the code is already there.
The requirement would be that the script tag which loads the page.js code needs to have a data-name="TokenSigning"
attribute.
<script src="path-to/page.js" data-name="TokenSigning"></script>
The extension needs to inject the TokenSigning function so that we don't break the implementation on existing websites. What we can do is allow websites to add the page script by themselves and before the extension injects the page script, it checks the website if the code is already there.
The requirement would be that the script tag which loads the page.js code needs to have a
data-name="TokenSigning"
attribute.<script src="path-to/page.js" data-name="TokenSigning"></script>
Thanks for the info! If that works, fine by me.
Hi, thank you for this workaround @taneltm. Hope that your pull gets merged soon as adding page.js file works in chrome without any errors, but still triggers errors in Firefox and Safari. At least functionality is now working and ID-card is still usable
We could not reproduce the problem: signing with ID-card in Firefox was successful in Windows and macOS. Only situation where we met similar error message in the web developer console was when
Has the citizenos.com website been changed meanwhile?
@kinomehhaanik we used the suggestion from @taneltm and copied the https://github.com/open-eid/chrome-token-signing/blob/master/extension/page.js into our own code, this allows the id plugin to work properly. I hope you can accept his pull and merge it into next release as it is a good way to get this plugin working on pages with CSP.
Problem
A website wanting to support ID-card signing cannot use CSP to block on policy violations because Token Signing plugin will not work if the CSP is set to block.
Example:
Reproduce
Fix?
eval()
directly or indirectly - https://github.com/open-eid/chrome-token-signing/blob/master/extension/content.js#L52Resources