prolane / samltoawsstskeys

Google Chrome Extension which converts a SAML 2.0 assertion to AWS STS Keys.
MIT License

Error accessing AWS STS #73

Open ConsoleCatzirl opened 2 weeks ago

ConsoleCatzirl commented 2 weeks ago

This plugin has recently (sometime in the past month) stopped receiving an access key from STS for me, with the following error in my Chrome console log:

/console/home?region=us-east-1#:1 Refused to connect to 'data:text/plain;base64,Cg==' because it violates the following Content Security Policy directive: "connect-src https://us-east-1.console.aws.amazon.com/console/tb/creds https://*.ccs.amazonaws.com https://*.concierge.analytics.console.aws.a2z.com https://*.console.aws.amazon.com/api-proxy/ https://*.console.aws.amazon.com/api/ https://*.ctrl.prod.os.notifications.aws.dev https://cell-0.us-east-1.prod.telemetry.console.api.aws https://console.aws.amazon.com/aperture/ https://console.aws.amazon.com/cct/nav/private-beta https://console.aws.amazon.com/features-proxy/ https://console.aws.amazon.com/p/pref/ https://console.aws.amazon.com/panoramaroute https://fileupload.aperture-api.analytics.console.aws.a2z.com https://global.console.aws.amazon.com/lotus/metadata https://global.semantic.unifiedsearch.console.api.aws https://global.unifiedsearch.console.api.aws/search https://health.aws.amazon.com https://phd.aws.amazon.com https://presignedurl.aperture-api.analytics.console.aws.a2z.com https://prod.log.shortbread.analytics.console.aws.a2z.com https://prod.tools.shortbread.analytics.console.aws.a2z.com https://semantic.unifiedsearch.amazonaws.com https://telemetry.cell-0.us-east-1.prod.tangerinebox.console.aws.a2z.com https://unifiedsearch.amazonaws.com/search https://us-east-1.console.aws.amazon.com/cct/nav/private-beta https://us-east-1.console.aws.amazon.com/features-proxy/ https://us-east-1.console.aws.amazon.com/feedback/custsat/ https://us-east-1.console.aws.amazon.com/lotus/metadata https://us-east-1.console.aws.amazon.com/p/pref/ https://us-east-1.console.aws.amazon.com/panoramaroute https://us-east-1.prod.pl.analytics.console.aws.a2z.com https://us-east-1.prod.pl.panorama.console.api.aws https://us-east-1.prod.pr.analytics.console.aws.a2z.com https://us-east-1.prod.pr.panorama.console.api.aws https://us-east-1.console.aws.amazon.com/p/log/ 
https://telemetry.cell-0.us-east-1.prod.tangerinebox.console.aws.a2z.com/telemetry https://api.us-east-1.prod.tangerinebox.console.aws.a2z.com https://global.help-panel.docs.aws.a2z.com https://ec2.us-east-1.amazonaws.com https://us-east-1.awsc-integ.aws.amazon.com/api-proxy/ https://us-west-2.awsc-integ.aws.amazon.com/api-proxy/ https://aws.amazon.com/csds/data/ https://target.aws.amazon.com/placements/ https://aws.amazon.com/token/jwt https://aws.amazon.com/csds/v2/metrics https://servicecatalog-appregistry.eu-north-1.amazonaws.com https://servicecatalog-appregistry.me-south-1.amazonaws.com https://servicecatalog-appregistry.ap-south-1.amazonaws.com https://servicecatalog-appregistry.eu-west-3.amazonaws.com https://servicecatalog-appregistry.ap-southeast-3.amazonaws.com https://servicecatalog-appregistry.us-east-2.amazonaws.com https://servicecatalog-appregistry.af-south-1.amazonaws.com https://servicecatalog-appregistry.eu-west-1.amazonaws.com https://servicecatalog-appregistry.me-central-1.amazonaws.com https://servicecatalog-appregistry.eu-central-1.amazonaws.com https://servicecatalog-appregistry.sa-east-1.amazonaws.com https://servicecatalog-appregistry.ap-east-1.amazonaws.com https://servicecatalog-appregistry.ap-south-2.amazonaws.com https://servicecatalog-appregistry.us-east-1.amazonaws.com https://servicecatalog-appregistry.ap-northeast-2.amazonaws.com https://servicecatalog-appregistry.ap-northeast-3.amazonaws.com https://servicecatalog-appregistry.eu-west-2.amazonaws.com https://servicecatalog-appregistry.ap-southeast-4.amazonaws.com https://servicecatalog-appregistry.eu-south-1.amazonaws.com https://servicecatalog-appregistry.ap-northeast-1.amazonaws.com https://servicecatalog-appregistry.us-west-2.amazonaws.com https://servicecatalog-appregistry.us-west-1.amazonaws.com https://servicecatalog-appregistry.ap-southeast-1.amazonaws.com https://servicecatalog-appregistry.ap-southeast-2.amazonaws.com 
https://servicecatalog-appregistry.il-central-1.amazonaws.com https://servicecatalog-appregistry.ca-central-1.amazonaws.com https://servicecatalog-appregistry.ca-west-1.amazonaws.com https://servicecatalog-appregistry.eu-south-2.amazonaws.com https://servicecatalog-appregistry.eu-central-2.amazonaws.com https://latency-test.beta.dp.public.lotus.awt.aws.a2z.com/ https://cf-latency-test.beta.public.lotus.awt.aws.a2z.com/ https://*.prod.console.frontend.nle.ux.aws.dev https://us-east-1.console-api.aws.amazon.com/proxycheck https://securityhub.af-south-1.amazonaws.com/insights/adhoc https://securityhub.ap-east-1.amazonaws.com/insights/adhoc https://securityhub.ap-northeast-1.amazonaws.com/insights/adhoc https://securityhub.ap-northeast-2.amazonaws.com/insights/adhoc https://securityhub.ap-northeast-3.amazonaws.com/insights/adhoc https://securityhub.ap-south-1.amazonaws.com/insights/adhoc https://securityhub.ap-south-2.amazonaws.com/insights/adhoc https://securityhub.ap-southeast-1.amazonaws.com/insights/adhoc https://securityhub.ap-southeast-2.amazonaws.com/insights/adhoc https://securityhub.ap-southeast-3.amazonaws.com/insights/adhoc https://securityhub.ap-southeast-4.amazonaws.com/insights/adhoc https://securityhub.ap-southeast-5.amazonaws.com/insights/adhoc https://securityhub.ca-central-1.amazonaws.com/insights/adhoc https://securityhub.ca-west-1.amazonaws.com/insights/adhoc https://securityhub.eu-central-1.amazonaws.com/insights/adhoc https://securityhub.eu-central-2.amazonaws.com/insights/adhoc https://securityhub.eu-north-1.amazonaws.com/insights/adhoc https://securityhub.eu-south-1.amazonaws.com/insights/adhoc https://securityhub.eu-south-2.amazonaws.com/insights/adhoc https://securityhub.eu-west-1.amazonaws.com/insights/adhoc https://securityhub.eu-west-2.amazonaws.com/insights/adhoc https://securityhub.eu-west-3.amazonaws.com/insights/adhoc https://securityhub.il-central-1.amazonaws.com/insights/adhoc 
https://securityhub.me-central-1.amazonaws.com/insights/adhoc https://securityhub.me-south-1.amazonaws.com/insights/adhoc https://securityhub.sa-east-1.amazonaws.com/insights/adhoc https://securityhub.us-east-1.amazonaws.com/insights/adhoc https://securityhub.us-east-2.amazonaws.com/insights/adhoc https://securityhub.us-west-1.amazonaws.com/insights/adhoc https://securityhub.us-west-2.amazonaws.com/insights/adhoc https://doc-help-panel-test.aka.corp.amazon.com https://us.help-panel.docs.aws.a2z.com https://i-ec2-shiba-prod.iad.amazon.com https://ssm-explorer.us-east-1.amazonaws.com https://ce.us-east-1.amazonaws.com https://health.us-east-1.amazonaws.com https://health.us-east-2.amazonaws.com https://ram.us-east-1.amazonaws.com https://sts.us-east-1.amazonaws.com https://ssm.us-east-1.amazonaws.com https://securityhub.us-east-1.amazonaws.com https://tagging.us-east-1.amazonaws.com https://autoscaling.us-east-1.amazonaws.com https://monitoring.us-east-1.amazonaws.com https://lambda.us-east-1.amazonaws.com https://elasticloadbalancing.us-east-1.amazonaws.com https://resource-groups.us-east-1.amazonaws.com https://synthetics.us-east-1.amazonaws.com https://compute-optimizer.us-east-1.amazonaws.com https://servicecatalog.us-east-1.amazonaws.com https://config.us-east-1.amazonaws.com https://iam.amazonaws.com https://support.us-east-1.amazonaws.com/ https://xqgoa1uunl.execute-api.us-west-2.amazonaws.com https://anyjcaraak.execute-api.us-east-1.amazonaws.com https://*.prod.p13n.console.aws.dev https://macie2.us-east-1.amazonaws.com https://application-signals.us-east-1.api.aws https://cost-optimization-hub.us-east-1.amazonaws.com https://a.b.cdn.console.awsstatic.com".

It looks like AWS has implemented a Content-Security-Policy header that prevents scripts from accessing the AWS STS API.
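The quoted console error is a connect-src source-matching decision, so it helps to see how the browser evaluates that directive against a URL. The block below is an added example, not code from the samltoawsstskeys extension or from the reporter: a minimal connect-src matcher in JavaScript following the CSP Level 3 host-source and scheme-source rules (wildcard hosts, ports, exact-vs-prefix paths, 'self', scheme-only sources). It omits nonces, hashes, 'unsafe-*' keywords and the fallback to default-src. The directive string is a constructed, abbreviated copy of the one in the report, and the page origin https://us-east-1.console.aws.amazon.com is an assumption taken from the /console/home path in the error. Run against the report's own inputs, it shows that the refused request is the `data:` URL (no `data:` scheme-source is listed, and `*` is absent), while https://sts.us-east-1.amazonaws.com is admitted because it appears as an explicit host-source.

```javascript
// Added example (not part of the samltoawsstskeys extension): a minimal
// CSP connect-src matcher following the CSP Level 3 host-source and
// scheme-source rules, used to check which URLs the quoted directive admits.

// Constructed, abbreviated copy of the connect-src directive from the report.
const CONNECT_SRC =
  "connect-src https://us-east-1.console.aws.amazon.com/console/tb/creds " +
  "https://*.console.aws.amazon.com/api/ https://sts.us-east-1.amazonaws.com " +
  "https://iam.amazonaws.com https://a.b.cdn.console.awsstatic.com";

// Assumed page origin; the error above came from /console/home on this host.
const PAGE_ORIGIN = "https://us-east-1.console.aws.amazon.com";

const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Split "connect-src a b c" into its directive name and source expressions.
function parseDirective(directive) {
  const [name, ...sources] = directive.trim().split(/\s+/);
  return { name, sources };
}

// Return true when a single source expression admits `url` (a URL object).
function sourceMatches(source, url, pageOrigin) {
  if (source === "'none'") return false;
  if (source === "'self'") return url.origin === pageOrigin;
  // "*" matches any network scheme but never data:, blob: or filesystem:.
  if (source === "*") return !["data:", "blob:", "filesystem:"].includes(url.protocol);

  // scheme-source, e.g. "https:" or "data:"
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) {
    return url.protocol.toLowerCase() === source.toLowerCase();
  }

  // host-source: [scheme://]host[:port][/path]
  const m = source.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:\s]+)(?::(\d+|\*))?(\/\S*)?$/i);
  if (!m) return false;
  const [, scheme, host, port, path] = m;

  // Scheme: an explicit scheme must match; a schemeless source takes the
  // page's scheme and additionally allows http: -> https: upgrades.
  if (scheme) {
    if (url.protocol !== scheme.toLowerCase() + ":") return false;
  } else {
    const pageScheme = new URL(pageOrigin).protocol;
    const upgraded = pageScheme === "http:" && url.protocol === "https:";
    if (url.protocol !== pageScheme && !upgraded) return false;
  }

  // Host: "*.example.com" matches any subdomain, otherwise exact match.
  const hostname = url.hostname.toLowerCase();
  if (host.startsWith("*.")) {
    const suffix = host.slice(1).toLowerCase(); // ".example.com"
    if (!hostname.endsWith(suffix) || hostname.length <= suffix.length) return false;
  } else if (hostname !== host.toLowerCase()) {
    return false;
  }

  // Port: an omitted port means the scheme's default; "*" means any port.
  const urlPort = url.port || DEFAULT_PORTS[url.protocol] || "";
  if (port === undefined) {
    if (url.port !== "") return false;
  } else if (port !== "*" && port !== urlPort) {
    return false;
  }

  // Path: a trailing "/" means prefix match, otherwise exact match.
  if (path) {
    if (path.endsWith("/")) return url.pathname.startsWith(path);
    return url.pathname === path;
  }
  return true;
}

// Does the directive allow a connection (fetch/XHR/WebSocket) to `target`?
function isConnectAllowed(directive, target, pageOrigin = PAGE_ORIGIN) {
  const { name, sources } = parseDirective(directive);
  if (name !== "connect-src") throw new Error(`expected connect-src, got ${name}`);
  return sources.some((s) => sourceMatches(s, new URL(target), pageOrigin));
}

// Evaluate the URLs relevant to the report plus a few edge cases.
function checkReportUrls() {
  const targets = [
    "data:text/plain;base64,Cg==",                               // the refused URL
    "https://sts.us-east-1.amazonaws.com/",                      // listed host
    "https://us-east-1.console.aws.amazon.com/api/ec2",          // wildcard host, path prefix
    "https://us-east-1.console.aws.amazon.com/console/tb/other", // exact-path source, wrong path
    "https://sts.us-east-1.amazonaws.com:8443/",                 // non-default port
  ];
  return Object.fromEntries(targets.map((t) => [t, isConnectAllowed(CONNECT_SRC, t)]));
}

console.log(checkReportUrls());
```

The practical takeaway when debugging a report like this one is to match the URL named in the violation message (here a `data:` URL, presumably from some code path that fetches an inline payload) against the directive rather than the endpoint you expected to be called; the STS endpoint itself is present in the list and would pass the host-source check.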