tunisiano187 / WME-send-to-slack

Script to send (Un)lock/Closures/Open/Validations requests to slack, Discord, Telegram, GForm
https://wmests.bowlman.org
GNU General Public License v3.0

[Bug] CSP error #89

Closed MatthieuF44 closed 1 year ago

MatthieuF44 commented 2 years ago

[x] I've tried to disable every other script
[x] I've updated the browser
[x] I've updated Tampermonkey/Greasemonkey
[x] I've updated the script to the latest

Describe the bug: When I tried to use the STS script, the script said that the request was sent, but in the Discord app we can't find it. After many tests I observed that there is an error with the content security policy.

In the console of the developer tools, we obtain this error:

Refused to connect to 'https://discord.com/api/[REDACTED]/slack' because it violates the following Content Security Policy directive: "connect-src 'self' editor-assets.waze.com www.google-analytics.com storage.googleapis.com maps.googleapis.com www.googleapis.com stats.g.doubleclick.net clouderrorreporting.googleapis.com sheets.googleapis.com docs.google.com tigerweb.geo.census.gov services.arcgis.com"

Desktop (please complete the following information):

Additional context: To solve this issue temporarily, I've set "Modify existing content security policy (CSP) headers" to "Remove entirely (possibly unsecure)".

tunisiano187 commented 2 years ago

2022.08.15.01 should solve the problem

MatthieuF44 commented 2 years ago

Hi,

I already tested the line "@connect discord.com" but it doesn't work.

Kind regards.

ordonezgs commented 2 years ago

Related to CSP Policy.

The current Waze CSP Policy can contact Spreadsheets, but not Discord, Slack, Telegram and so on...

We will have to add a @connect per service missing or not complying with CSP Policy.

https://github.com/tunisiano187/WME-send-to-slack/blob/cc42226417a8f68cef2d5cfe08db34e1dd627660/WME-send-to-slack.user.js#L192-L226

ordonezgs commented 2 years ago

Actually, reviewing it, the previously shared code is OK.

We just have to replace the AJAX with await MakeHTTPRequest() and with these parameters. So we will also need to adjust MakeHTTPRequest() to be able to make a POST request: https://github.com/tunisiano187/WME-send-to-slack/blob/cc42226417a8f68cef2d5cfe08db34e1dd627660/WME-send-to-slack.user.js#L521-L536 and this https://github.com/tunisiano187/WME-send-to-slack/blob/cc42226417a8f68cef2d5cfe08db34e1dd627660/WME-send-to-slack.user.js#L555-L574 even https://github.com/tunisiano187/WME-send-to-slack/blob/cc42226417a8f68cef2d5cfe08db34e1dd627660/WME-send-to-slack.user.js#L597-L606 and finally https://github.com/tunisiano187/WME-send-to-slack/blob/cc42226417a8f68cef2d5cfe08db34e1dd627660/WME-send-to-slack.user.js#L616-L624

This requires further dev, and implementation. Sorry, this will take time.

ordonezgs commented 2 years ago

Required @connect will be:

@connect slack.com
@connect discordapp.com
@connect discord.com
@connect telegram.org
@connect google.com

This will be for Google Forms, Slack, Discord and Telegram

ordonezgs commented 1 year ago

I have sent a request to Staff to modify their current CSP Policy to add:

discordapp.com
discord.com
api.telegram.org
hooks.slack.com

Let's wait for them before having to use the await MakeHTTPRequest() function.
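Added example (not part of the thread and not the project's code): a simplified `connect-src` evaluator run against the directive from the console error, before and after appending the four hosts requested from Staff. The page URL, the sample target URLs and all function names are assumptions made for this illustration; path parts of source expressions are ignored.

```javascript
// Directive exactly as quoted in the console error in this issue.
const WME_CONNECT_SRC = "connect-src 'self' editor-assets.waze.com www.google-analytics.com " +
  "storage.googleapis.com maps.googleapis.com www.googleapis.com stats.g.doubleclick.net " +
  "clouderrorreporting.googleapis.com sheets.googleapis.com docs.google.com " +
  "tigerweb.geo.census.gov services.arcgis.com";
const REQUESTED = ["discordapp.com", "discord.com", "api.telegram.org", "hooks.slack.com"];
const PAGE_URL = "https://www.waze.com/editor"; // assumed page URL
const SAMPLE_URLS = [ // constructed sample targets
  "https://www.waze.com/example", "https://sheets.googleapis.com/v4/example",
  "https://discord.com/api/EXAMPLE/slack", "https://hooks.slack.com/services/EXAMPLE",
  "https://slack.com/api/example"];

// Does one source expression cover the target URL? (simplified host-source matching)
function sourceMatches(source, target, page) {
  if (source === "*") return true;
  if (source === "'self'") return target.origin === page.origin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return target.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?/i.exec(source);
  if (!m) return false;
  const [, scheme, host, port] = m;
  // A scheme-less source is matched against the page's own scheme here.
  if (target.protocol !== (scheme ? scheme.toLowerCase() + ":" : page.protocol)) return false;
  const h = host.toLowerCase();
  const hostOk = h.startsWith("*.")
    ? target.hostname.endsWith(h.slice(1)) // "*.example.com" covers subdomains only
    : target.hostname === h;               // a plain host never implies its subdomains
  const portOk = port === undefined ? target.port === "" : port === "*" || target.port === port;
  return hostOk && portOk;
}

function connectAllowed(policy, url, pageUrl) {
  const target = new URL(url), page = new URL(pageUrl);
  const directive = policy.split(";").map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === "connect-src");
  if (!directive) return true; // assumption: no default-src fallback is modelled
  return directive.slice(1).some(s => sourceMatches(s, target, page));
}

// Evaluate each URL against the original directive and the extended one.
function compare(urls, pageUrl) {
  const extended = WME_CONNECT_SRC + " " + REQUESTED.join(" ");
  return urls.map(url => ({ url, before: connectAllowed(WME_CONNECT_SRC, url, pageUrl),
                            after: connectAllowed(extended, url, pageUrl) }));
}

console.table(compare(SAMPLE_URLS, PAGE_URL));
```

The `slack.com` row stays blocked in both columns because only `hooks.slack.com` was requested, and a host source matches that exact host.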

ordonezgs commented 1 year ago

This issue is in Prod, let's wait for Staff before making the required changes.

ordonezgs commented 1 year ago

Staff Response:

We are happy to let you know that with the WME beta release of v2.126, we've released other whitelisted domains that you asked for. Please note these are currently available in beta and will reach production once v2.126 reaches production.

stale[bot] commented 1 year ago

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

stale[bot] commented 1 year ago

This issue has been automatically closed because it has not had any comments for a while, feel free to reopen it if needed