Skip to content
This repository has been archived by the owner on Jul 27, 2024. It is now read-only.

script not working when the website set Content-Security-Policy in http response. #99

Open
flysoso opened this issue Jun 16, 2018 · 1 comment
Open

script not working when the website set Content-Security-Policy in http response. #99

flysoso opened this issue Jun 16, 2018 · 1 comment

Comments

@flysoso
Copy link

flysoso commented Jun 16, 2018

What is the problem?

script not working when the website set Content-Security-Policy in http response.

How to reproduce it?

  1. e.g. the website mp.wexin.qq.com

What is the expected result?

script work

What is the actual result?

script not work.
it make console error like this:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' http://.qq.com https://.qq.com http://.weishi.com https://.weishi.com 'nonce-356257451'". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.

Environment

  • Browser:Maxthon
  • Browser version:5.2.3.3000
  • Violentmonkey version:2.8.4
  • OS:win10
@gera2ld
Copy link
Member

gera2ld commented Jun 17, 2018

Known issue, and there is no workaround for Maxthon.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gera2ld @flysoso