search

violentmonkey / violentmonkey-mx

Violentmonkey, userscripts support for Maxthon.
MIT License
53 stars 29 forks source link

script not working when the website set Content-Security-Policy in http response. #99

Open flysoso opened 6 years ago

flysoso commented 6 years ago

What is the problem?

script not working when the website set Content-Security-Policy in http response.

How to reproduce it?

  1. e.g. the website mp.wexin.qq.com

What is the expected result?

script work

What is the actual result?

script not work. it make console error like this: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.qq.com https://*.qq.com http://*.weishi.com https://*.weishi.com 'nonce-356257451'". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.

Environment

gera2ld commented 6 years ago

Known issue, and there is no workaround for Maxthon.