-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Extension has issues with CSP and Samesite origin #9
Comments
@DrWhax The issue with As for the mentioned CSP issue, those files are only supposed to be invoked in chrome and not for firefox. firefox doesn't recognize the
The core of Vandal navigation is the Iframe. In most cases, it's thrives on it and in other cases, it's limited by it. The tool is not meant for everyone. May be I should state it more explicitly on the |
To get to the core of the issue here, for me to reference back and in case I wasn't clear enough (sorry about that), the website URL and it's response headers are fetched from cache by service workers. So, Vandal is no longer able to intercept the request through Related issue: https://bugs.chromium.org/p/chromium/issues/detail?id=766433 Potential solutions:
|
Hey, awesome idea!
I'm trying to test it out with some co-workers but it doesn't seem to ever load any data from the wayback machine. I use firefox 78.10.0.esr with extensions, but it also doesn't load in a firefox without any extensions installed, except the vandal one.
When I open the debugger of the browser I see the following:
The CSP configuration will cause issues in Firefox,. However, the same website I tested in chrome worked for me: nu.nl. but another like fox-it.com hasn't because of X-frame-options being "sameorigin".
Not sure what the right way is on fixing this and I haven't dived into the code, but maybe not load original websites in that frame as a lot of it would break?
The text was updated successfully, but these errors were encountered: