Avatar for Username

Zoeken in Support

Vermijd ondersteuningsscams. We zullen u nooit vragen een telefoonnummer te bellen, er een sms naar te sturen of persoonlijke gegevens te delen. Meld verdachte activiteit met de optie ‘Misbruik melden’.

Learn More

Deze conversatie is gearchiveerd. Stel een nieuwe vraag als u hulp nodig hebt.

Bookmarklets don't work on https:// sites

  • 4 antwoorden
  • 11 hebben dit probleem
  • 20 weergaven
  • Laatste antwoord van jiffyclub

jiffyclub
jiffyclub
more options

I maintain a bookmarklet that people use as an aid with the site http://nbviewer.ipython.org. The bookmarklet simply looks at the user's current URL and then opens a new tab if the current URL parses to something that will work on nbviewer. As of Firefox 21 this bookmarklet doesn't work on https:// sites such as GitHub. It works on http:// sites and everything works fine in Chrome. Text of bookmarklet is at https://github.com/jiffyclub/open-in-nbviewer/blob/master/bookmarklet/nbviewer_bookmarklet.js. Is there anything I can do to get this working for people?

According to the Mozilla wiki bookmarklets should be unaffected by browser security settings: https://wiki.mozilla.org/Security/CSP/Specification#Non-Normative_Client-Side_Considerations.

Here's an example where the bookmarklet will work: http://iupr1.cs.uni-kl.de/~tmb/ncso/00-introduction.ipynb

And here's one where it won't: https://raw.github.com/jiffyclub/ipythonblocks/master/demos/Firework.ipynb

I maintain a bookmarklet that people use as an aid with the site http://nbviewer.ipython.org. The bookmarklet simply looks at the user's current URL and then opens a new tab if the current URL parses to something that will work on nbviewer. As of Firefox 21 this bookmarklet doesn't work on https:// sites such as GitHub. It works on http:// sites and everything works fine in Chrome. Text of bookmarklet is at https://github.com/jiffyclub/open-in-nbviewer/blob/master/bookmarklet/nbviewer_bookmarklet.js. Is there anything I can do to get this working for people? According to the Mozilla wiki bookmarklets should be unaffected by browser security settings: https://wiki.mozilla.org/Security/CSP/Specification#Non-Normative_Client-Side_Considerations. Here's an example where the bookmarklet will work: http://iupr1.cs.uni-kl.de/~tmb/ncso/00-introduction.ipynb And here's one where it won't: https://raw.github.com/jiffyclub/ipythonblocks/master/demos/Firework.ipynb

Bewerkt door jiffyclub op

Gekozen oplossing

You can vote for this bug to show your interest in getting this fixed.

Please DO NOT comment in bug reports: https://bugzilla.mozilla.org/page.cgi?id=etiquette.html

Dit antwoord in context lezen 👍 2

Alle antwoorden (4)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

That is because of the CSP header that Github is sending.
I noticed this a while back when I wanted to check the CSS file with a bookmarklet and it didn't work. 

X-Content-Security-Policy: default-src *; script-src 'self' https://github.global.ssl.fastly.net https://jobs.github.com https://ssl.google-analytics.com https://collector.githubapp.com https://analytics.githubapp.com; style-src 'self' 'unsafe-inline' https://github.global.ssl.fastly.net; object-src 'self' https://github.global.ssl.fastly.net

Running bookmarklets would require to disable this security feature (security.csp.enable).
Of course this is not recommended.

jiffyclub
jiffyclub Vraageigenaar
more options

According to https://wiki.mozilla.org/Security/CSP/Specification#Non-Normative_Client-Side_Considerations CSP should explicitly not interfere with the operation of bookmarklets. Does the fact that it does interfere mean there's a bug in Firefox?

The bookmarklet was working fine for Firefox users up until Firefox 21, and unless I'm wrong CSP is a bit older than that.

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Gekozen oplossing

You can vote for this bug to show your interest in getting this fixed.

Please DO NOT comment in bug reports: https://bugzilla.mozilla.org/page.cgi?id=etiquette.html

jiffyclub
jiffyclub Vraageigenaar
more options

Great, thanks!