Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Firefox content script not loading in some pages

Tags:

firefox

firefox-addon

Context

I am currently working on a browser extension which is working as expected with Chrome and Opera but I am facing issues with Firefox. Here is a minimal version of manifest.json needed to reproduce the problem:

{
    "name": "Example",
    "version": "0.0.1",
    "author": "Pyves",
    "content_scripts": [
        {
            "all_frames": true,
            "matches": [
                "<all_urls>"
            ],
            "js": [
                "content.js"
            ]
        }
    ],
    "manifest_version": 2
}

And here is the related content.js:

console.log("Content script loaded");

Issue

Content script loaded is systematically logged regardless of the visited page when using Chrome and Opera. Nevertheless, the content script doesn't seem to load in some pages when using Firefox, for instance raw GitHub pages such as the following: https://raw.githubusercontent.com/badges/shields/master/README.md

There are no error messages in the Firefox console stating why the content script was not executed on that particular page.

Questions

  • Why is the Firefox extension unable to load the content script into some pages?

  • What changes need to be made so that the extension works consistently on all browsers?

like image 249
Pyves Avatar asked Dec 03 '17 19:12

Pyves

1 Answers

I finally figured out why the extension's content script is not loading in some pages when using Firefox.

After analysing the requests with the Network developer tools, it turns out that the following headers are returned when getting GitHub raw pages:

Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox

According to the MDN Web Docs, the sandbox CSP directive has the following effect:

enables a sandbox for the requested resource [...]. It applies restrictions to a page's actions including preventing popups, preventing the execution of plugins and scripts, and enforcing a same-origin policy.

Therefore Firefox is preventing extensions from executing content scripts in pages with the sandbox CSP, whereas other browsers such as Chrome and Opera do allow this behaviour. Related bug reports in Mozilla's Bugzilla (1267027 and 1411641) highlight that:

CSP 'sandbox' directive prevents content scripts from matching, due to unique origin

This issue has been acknowledged and will hopefully be fixed in future releases of Firefox.

like image 124
Pyves Avatar answered Sep 28 '22 09:09

Pyves
Sign in to Comment

Related questions

Loading a JSON file in Firefox Addon Page Script, everything locally within the package
Why doesn't this button expand to width of its content in Firefox like it does in other browsers?
Where is 3D view in Firefox firebug?
How to completely remove firefox and reinstall in fedora
Prevent cursor from hiding in Browser after key is pressed
NPAPI support in Firefox and Chrome actually dropped?
Javascript bookmarklet on site with CSP in Firefox
Install Firefox add-on into Firefox OS Firefox browser
YouTube API does not appear to load in Firefox, IFrame gets loaded , but the onPlayerReady event never fires?
How to remove/disable Firefox Developer Tools? [closed]
Lato font missing letters in IE and Firefox
Firefox add-on sdk uninstall hook
Using SVG symbols in Firefox with AngularJS
How can I play sound with a GreaseMonkey script in FireFox when there's a "Content Security Policy" error?
ssl_error_weak_server_cert_key issue in firefox [closed]
document.dispatchEvent() not working in Firefox
Duplicate GET requests being generated several seconds later in Chrome and Firefox by unknown user agent when a CGI script is invoked
Some JS scripts loading in Chrome but not in Firefox
GeoLocation from gpsd
How do I disable Firefox gestures?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!