Closed MatthieuF44 closed 1 year ago
2022.08.15.01 shloud solve the problem
Hi,
I already test the line "@connect discord.com" but it doesn't work.
Kind regards.
Related to CSP Policy.
The current Waze CSP Policy can contact SpreadSheets, but not Discord, Slack, Telegram and so On...
We Will have to add a @connect
per service missing or not complying with CSP Policy.
Actually, reviewing it, the previous shared code it's OK.
We just have to replace the AJAX with await MakeHTTPRequest()
and with this parameters. So we also will need to adjust the MakeHTTPRequest() to be able to make a POST request:
https://github.com/tunisiano187/WME-send-to-slack/blob/cc42226417a8f68cef2d5cfe08db34e1dd627660/WME-send-to-slack.user.js#L521-L536
and this
https://github.com/tunisiano187/WME-send-to-slack/blob/cc42226417a8f68cef2d5cfe08db34e1dd627660/WME-send-to-slack.user.js#L555-L574
even
https://github.com/tunisiano187/WME-send-to-slack/blob/cc42226417a8f68cef2d5cfe08db34e1dd627660/WME-send-to-slack.user.js#L597-L606
and finally
https://github.com/tunisiano187/WME-send-to-slack/blob/cc42226417a8f68cef2d5cfe08db34e1dd627660/WME-send-to-slack.user.js#L616-L624
This requires further dev, and implementation. Sorry, this will take time.
Required @connect
will be:
@connect slack.com
@connect discordapp.com
@connect discord.com
@connect telegram.org
@connect google.com
This will be for Google Forms, Slack, Discord and Telegram
I have sent a request to Staff to modify their current CSP Policy to add:
discordapp.com
discord.com
api.telegram.org
hooks.slack.com
Let's wait for them before having to use the await MakeHTTPRequest()
function.
This issue is in Prod, lets wait for Staff until making the required changes.
Staff Response:
We are happy to let you know that ith the WME beta release of v 2.126, we've released other whitelisted domains that you asked for. Please note these are currently available in beta and will reach production once v2.126 reaches production.
Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?
This issue has been automatically closed because it has not had any comments for a while, feel free to reopen it if needed
[ x ] I've tryied to disable every other scripts [ x ] I've updated the Browser [ x ] I've updated Tampermonkey/GreaceMonkey [ x ] I've updated the script to the latest
Describe the bug When i tried to use STS script, script said that the request is send but in discord app we can't found it. After many test i observed that there is an error with the content security policy.
In the console of developer tool, we obtain this error :
Refused to connect to https://discord.com/api/[REDACTED]/slack' because it violates the following Content Security Policy directive: "connect-src 'self' editor-assets.waze.com www.google-analytics.com storage.googleapis.com maps.googleapis.com www.googleapis.com stats.g.doubleclick.net clouderrorreporting.googleapis.com sheets.googleapis.com docs.google.com tigerweb.geo.census.gov services.arcgis.com"
Desktop (please complete the following information):
Additional context For solving this issue temporary, I've set
Modify existing content security policy (CSP) headers
toRemove entirely (possibly unsecure)