Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix frame-ancestors blocking the disco pane loading #9627

Closed
muffinresearch opened this issue May 23, 2016 · 4 comments · Fixed by mozilla/addons-frontend#434 or mozilla/addons-frontend#439
Closed

Fix frame-ancestors blocking the disco pane loading #9627

muffinresearch opened this issue May 23, 2016 · 4 comments · Fixed by mozilla/addons-frontend#434 or mozilla/addons-frontend#439
Labels
repository:addons-frontend Issue relating to addons-frontend

Comments

@muffinresearch
Copy link
Contributor

STR:

  • Go to about:config , change the extensions.webserver.discoverURL host to point at discovery.addons.allizom.org
  • Hit about:addons and click get addons.

What happens:

  • "Blocked by Content Security Policy" page

What should happen:

  • The about:addons page should render normally.
@muffinresearch
Copy link
Contributor Author

muffinresearch commented May 23, 2016
edited
Loading

Testing with Charles replacing the frame-ancestors 'none' value with about:addons works as expected. Wasn't the case see update below.

@muffinresearch muffinresearch mentioned this issue May 23, 2016
Merged
@muffinresearch muffinresearch mentioned this issue May 5, 2024
Closed
@muffinresearch
Copy link
Contributor Author

It seems this isn't going to work after all. I made a mistake with the charles testing, which made it look like this worked when in fact I was modifying the header to report-only mode instead.

To fix this we need to remove the frame-ancestors directive for the disco pane or just set it to * which is probably the easiest solution unless there's another way for identifying about:addons to the CSP internals.

@muffinresearch
Copy link
Contributor Author

Looking at the location object the protocol is about: but hostname is '' which is probably why the full string doesn't match. Replacing the directive in charles seems to have this work, so I'm going to limit to about: and see if that works when deployed.

@muffinresearch muffinresearch mentioned this issue May 23, 2016
Merged
@muffinresearch
Copy link
Contributor Author

Confirmed this is now working:

add-ons_manager

@KevinMind KevinMind transferred this issue from mozilla/addons-frontend May 5, 2024
@KevinMind KevinMind added repository:addons-frontend Issue relating to addons-frontend migration:2024 labels May 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
repository:addons-frontend Issue relating to addons-frontend
Projects
None yet
Milestone
No milestone
2 participants
@muffinresearch @KevinMind