Шукати в статтях підтримки

Остерігайтеся нападів зловмисників. Mozilla ніколи не просить вас зателефонувати, надіслати номер телефону у повідомленні або поділитися з кимось особистими даними. Будь ласка, повідомте про підозрілі дії за допомогою меню “Повідомити про зловживання”

Докладніше

Ця тема перенесена в архів. Якщо вам потрібна допомога, запитайте.

Bookmarklets don't work on https:// sites

  • 4 відповіді
  • 11 мають цю проблему
  • 14 переглядів
  • Остання відповідь від jiffyclub

more options

I maintain a bookmarklet that people use as an aid with the site http://nbviewer.ipython.org. The bookmarklet simply looks at the user's current URL and then opens a new tab if the current URL parses to something that will work on nbviewer. As of Firefox 21 this bookmarklet doesn't work on https:// sites such as GitHub. It works on http:// sites and everything works fine in Chrome. Text of bookmarklet is at https://github.com/jiffyclub/open-in-nbviewer/blob/master/bookmarklet/nbviewer_bookmarklet.js. Is there anything I can do to get this working for people?

According to the Mozilla wiki bookmarklets should be unaffected by browser security settings: https://wiki.mozilla.org/Security/CSP/Specification#Non-Normative_Client-Side_Considerations.

Here's an example where the bookmarklet will work: http://iupr1.cs.uni-kl.de/~tmb/ncso/00-introduction.ipynb

And here's one where it won't: https://raw.github.com/jiffyclub/ipythonblocks/master/demos/Firework.ipynb

I maintain a bookmarklet that people use as an aid with the site http://nbviewer.ipython.org. The bookmarklet simply looks at the user's current URL and then opens a new tab if the current URL parses to something that will work on nbviewer. As of Firefox 21 this bookmarklet doesn't work on https:// sites such as GitHub. It works on http:// sites and everything works fine in Chrome. Text of bookmarklet is at https://github.com/jiffyclub/open-in-nbviewer/blob/master/bookmarklet/nbviewer_bookmarklet.js. Is there anything I can do to get this working for people? According to the Mozilla wiki bookmarklets should be unaffected by browser security settings: https://wiki.mozilla.org/Security/CSP/Specification#Non-Normative_Client-Side_Considerations. Here's an example where the bookmarklet will work: http://iupr1.cs.uni-kl.de/~tmb/ncso/00-introduction.ipynb And here's one where it won't: https://raw.github.com/jiffyclub/ipythonblocks/master/demos/Firework.ipynb

Змінено jiffyclub

Обране рішення

You can vote for this bug to show your interest in getting this fixed.

Please DO NOT comment in bug reports: https://bugzilla.mozilla.org/page.cgi?id=etiquette.html

Читати цю відповідь у контексті 👍 2

Усі відповіді (4)

more options

That is because of the CSP header that Github is sending.
I noticed this a while back when I wanted to check the CSS file with a bookmarklet and it didn't work.

X-Content-Security-Policy: default-src *; script-src 'self' https://github.global.ssl.fastly.net https://jobs.github.com https://ssl.google-analytics.com https://collector.githubapp.com https://analytics.githubapp.com; style-src 'self' 'unsafe-inline' https://github.global.ssl.fastly.net; object-src 'self' https://github.global.ssl.fastly.net

Running bookmarklets would require to disable this security feature (security.csp.enable).
Of course this is not recommended.

more options

According to https://wiki.mozilla.org/Security/CSP/Specification#Non-Normative_Client-Side_Considerations CSP should explicitly not interfere with the operation of bookmarklets. Does the fact that it does interfere mean there's a bug in Firefox?

The bookmarklet was working fine for Firefox users up until Firefox 21, and unless I'm wrong CSP is a bit older than that.

more options

Вибране рішення

You can vote for this bug to show your interest in getting this fixed.

Please DO NOT comment in bug reports: https://bugzilla.mozilla.org/page.cgi?id=etiquette.html