nodiscc
commented
3 years ago Can confirm the bookmarklet is working again for me on this very page. Strange.
The CSP header is
content-security-policy | default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online…com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker-3f088aa2.js gist.github.com/socket-worker-3f088aa2.jsIf I remember correctly the bookmarklet used to require script-src 'unsafe-inline' to work, but the only script-src allowed here is github.githubassets.com... :thinking:
Firefox ESR 78.9.0esr-1~deb10u1
I just noticed that bookmarklets seem to be working again on Github.com, while it was blocked before due to Content Security Policy (CSP) - see #196. It seems to work with both Firefox and Chrome. Can someone else confirm that?
I don't remember which website blocked it as well, so I'm not sure if Github changed something, or if it's due to CSP implementation in browsers.
In any case the documentation should be updated if it's really working: https://shaarli.readthedocs.io/en/master/Troubleshooting/#the-bookmarklet-doesnt-work