search

plibither8 / asciinema-player-for-github

🎬✨ Browser extension to automatically detect asciinema links in a project's README and embed the asciinema player in its place
MIT License
32 stars 3 forks source link

Doesn't work anymore on Firefox #7

Open aaronliu0130 opened 1 year ago

aaronliu0130 commented 1 year ago

image https://github.com/ohmyzsh/ohmyzsh/tree/master/plugins/catimg

aaronliu0130 commented 1 year ago

image Content Security Policy: The page’s settings blocked the loading of a resource at https://asciinema.org/a/Hr6o4z5O2AMEZKnTTPQenpOot/iframe? (“frame-src”).

aaronliu0130 commented 1 year ago

This appears to be magically fixed now?

aaronliu0130 commented 1 year ago

Doesn't work anymore anymore

rugk commented 7 months ago

It would be great if you could port your browser extension from Chrome/ium also to other browsers like Firefox, i.e. making it a cross-compatible browser extension (“WebExtension”).

See https://extensionworkshop.com/documentation/develop/porting-a-google-chrome-extension/ for more information on how to do that.

aaronliu0130 commented 7 months ago

@rugk But a Firefox extension exists, it's just that it doesn't work.

rugk commented 7 months ago

I k now but maybe the docs can provide some insight here, e.g. here it says:

This randomness can prevent you from doing things, such as adding your extension's URL to another domain's CSP policy.

Or about the CSP of the webextension: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Content_Security_Policy#default_content_security_policy

But as the CSP of GitHub here is likely an issue if I read it right, this here could explain the difference:

The extent to which the CSP controls loads from content scripts varies by browser. In Firefox, JavaScript features such as eval are restricted by the extension CSP. Generally, most DOM-based APIs are subjected to the CSP of the web page. In Chrome, many DOM APIs are covered by the extension CSP instead of the web page's CSP (crbug 896041).