Comments (5)
nt1m
commented on August 23, 2024
One way to solve the CSP problem is just to drop the "home" and "Desktop" buttons completely and use sidebar.setPanel({ panel: 'urltoload' }); directly. The 'home' and 'desktop' buttons could possibly move to a browserAction.
from side-view.
ianb
commented on August 23, 2024
@nt1m Yes, initially that's how this was implemented, but @johngruen really wanted to add a little UI in the sidebar, and there's no other good way to do that besides the iframe (that I've come up with). @clouserw pointed out that only a really small number of sites use CSP currently, and even those that do don't necessary use frame-ancestors (X-Frame-Options is the more popular way, and we are able to fix that).
I'm going to close this and create a new issue for simply warning the user when this case is encountered.
from side-view.
ianb
commented on August 23, 2024
I should never have tested on testpilot.firefox.com! My tests seem to work on https://github.com, which has the offending headers. This isn't all that surprising, as testpilot.firefox.com is blacklisted in some cases.
from side-view.
pdehaan
commented on August 23, 2024
Possibly another site to test with, https://www.cnn.com/
from side-view.
nt1m
commented on August 23, 2024
If you're interested, a possible approach would be exposing <iframe mozbrowser> to Mozilla signed WebExtensions. <iframe mozbrowser> is not affected by CSP, and as a plus it has methods like canGoBack/goBack/etc...
The original plan was to expose it to all WebExtensions: https://bugzilla.mozilla.org/show_bug.cgi?id=1318532
but that's currently blocked by standardization issues. Exposing it to mozilla signed webextensions should be fine though.
from side-view.
Related Issues (20)
- [Feature Request] Search in sideview
- I'm looking for help with Firefox extension Context Search
- Feature Request: Disable Icon in Awesome Bar
- please update it!
- Can't play music.youtube.com in the background HOT 2
- No way to edit keyboard shortcuts for this extension HOT 1
- Simple Tab Group support
- Is this Dead? HOT 12
- Cannot open ChatGPT in Side View HOT 1
- Does not show local .svg graphics file HOT 1
- Causes Refresh Loop in SiriusXM Site
- It forces some sites to the mobile page in the main view HOT 5
- Is it possible to add command allow keyboard shortcuts?
- Change screen orientation
- Remove context menu icon
- Fix icon color in dark mode
- How to Make Side Panel Resizable [Instructions] HOT 2
- Breaks Google Meet HOT 6
- Feature request: pinning and minimizing
- Overriding max width via userChrome.css not possible anymore HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from side-view.