Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Potential CSP Issue in Chrome 130 #7

Closed
2 tasks done
shikhir-arora opened this issue Sep 1, 2024 · 6 comments
Closed
2 tasks done

[Bug]: Potential CSP Issue in Chrome 130 #7

shikhir-arora opened this issue Sep 1, 2024 · 6 comments
Labels
bug Something isn't working

Comments

@shikhir-arora
Copy link

shikhir-arora commented Sep 1, 2024
edited
Loading

Version

0.0.1.5-PUBLIC-BETA

Describe the bug

I wanted to express my gratitude for creating such an excellent extension that is open-source, well-documented, clean, and lightweight.

I typically use Chrome Canary as my daily browser. However, a recent change in CSP policies or how the browser handles them seems to be affecting the loading of the Complexity extension. I used the extension for a few days, and it worked perfectly. However, currently, only the CSS injection seems to be working. I have attached several relevant screenshots below. I have also tried everything in Incognito Mode with no other extensions enabled.

I appreciate the effort you've put into this project. Please let me know if you can reproduce this issue. 🙂

Steps to reproduce

Please take a look at the screenshots below! 👍

Bug confirmation

  • I am not able to reproduce the issue with the extension disabled
  • I have re-installed the extension and the issue persists

Expected behavior

Normal behaviour, i.e:
Untitled

Screenshots

Screenshot 2024-09-01 at 7 24 51 PM Screenshot 2024-09-01 at 7 24 21 PM Screenshot 2024-09-01 at 7 19 17 PM Screenshot 2024-09-01 at 7 00 40 PM Screenshot 2024-09-01 at 6 56 39 PM

Browser

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Additional context

No response
@shikhir-arora shikhir-arora added the bug Something isn't working label Sep 1, 2024
@pnd280
Copy link
Owner

pnd280 commented Sep 2, 2024
edited
Loading

ce9242a should fix the issue. The fix is somewhat hacky since @crxjs/vite-plugin doesn't have an option to disable use_dynamic_url, which is most likely the cause that triggers the CSP

https://github.com/pnd280/complexity/releases/tag/v0.0.1.6-alpha

@pnd280 pnd280 closed this as completed Sep 2, 2024
@shikhir-arora
Copy link
Author

shikhir-arora commented Sep 2, 2024
edited
Loading

@pnd280 - Thank you, it works great! 👍

@pnd280 pnd280 mentioned this issue Sep 26, 2024
Closed
2 tasks
@JSerwatka JSerwatka mentioned this issue Oct 16, 2024
Closed
@bruceeewong
Copy link

@pnd280 Hey, first of all, thank you for the brilliant hack, it worked for build version. However, for dev mode, crxjs would always append an entry of web_accessible_resources, which causes the extension fail to be loaded by the latest Chrome. Do you have the same issue?

{
  "matches": ["<all_urls>"],
  "resources": ["**/*", "*"],
  "use_dynamic_url": true
}

@pnd280
Copy link
Owner

pnd280 commented Oct 18, 2024

@pnd280 Hey, first of all, thank you for the brilliant hack, it worked for build version. However, for dev mode, crxjs would always append an entry of web_accessible_resources, which causes the extension fail to be loaded by the latest Chrome. Do you have the same issue?

{
  "matches": ["<all_urls>"],
  "resources": ["**/*", "*"],
  "use_dynamic_url": true
}

my solution works for both dev and build env, as long as it purges all "use_dynamic_url": trues

@Ang-l
Copy link

Ang-l commented Oct 28, 2024

@pnd280 Hey, first of all, thank you for the brilliant hack, it worked for build version. However, for dev mode, crxjs would always append an entry of web_accessible_resources, which causes the extension fail to be loaded by the latest Chrome. Do you have the same issue?

{
  "matches": ["<all_urls>"],
  "resources": ["**/*", "*"],
  "use_dynamic_url": true
}

my solution works for both dev and build env, as long as it purges all "use_dynamic_url": trues

@pnd280 Hello, the solution I used from you still cannot solve it.

@pnd280
Copy link
Owner

pnd280 commented Oct 28, 2024
edited
Loading

@Ang-l please continue discussion in the original issue crxjs/chrome-extension-tools#918

Repository owner locked as resolved and limited conversation to collaborators Oct 28, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@shikhir-arora @pnd280 @bruceeewong @Ang-l