This repository has been archived by the owner on Dec 12, 2022. It is now read-only.
CSP breaks injection #51
Labels
bug
Something isn't working
Comments
|
Looks like react devtools has the same problem, although possibly only with Firefox, bugzilla/1267027 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”).Because the contentScript.js injects a payload into the user-space to access the Three objects, CSP settings can prevent inline script injections. No immediately solutions come to mind for debugging arbitrary three scenes, although we might be able to tag the script such that site owners can make an exception to the injected code (maybe by not inlining it and instead reference the allowlisted extension source, maybe an SRI attribute although that'd change for every release).
The text was updated successfully, but these errors were encountered: