prox-config-sidki_2019-01-26b1
Jan. 24, 2022, 04:32 AM
Post: #30
RE: prox-config-sidki_2019-01-26b1
I don't see that exact problem with Opera but there is a problem.
Google is sending some browsers a Content-Security-Policy header that uses 'nonce' and 'strict-dynamic'. This causes the browser to ignore our 'unsafe-inline' addition and our inline scripts.

Code:
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-stringhere==' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1

The simple choice is to bypass or ignore the affected pages...

Another is to remove 'nonce' and 'strict-dynamic' from the header. Warning: This would also allow malicious scripts, without the nonce attribute, and others to run.

Code:
[HTTP headers]

As before, the better (from our point of view) but more time-consuming choice would be to capture the nonce and add it to our rewritten scripts.

(Jan. 23, 2022 05:45 PM) ProxRocks Wrote:
When I visit http://www.google.com, I get the Proxomitron Menu in the lower right corner and the Information Hovers in the lower left corner.
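
The header behaviour discussed in post #30, as an added example that is not part of the original thread or of the Proxomitron config: a small Node.js evaluator for how a CSP Level 3 browser treats `script-src`, run on the header quoted in the post and on the same header with the nonce and 'strict-dynamic' removed. The function names are hypothetical, and `script-src-elem` and multiple policies are not handled.

```javascript
// Added example. SAMPLE is the header value from the post; 'stringhere==' is its placeholder nonce.
const SAMPLE = "object-src 'none';base-uri 'self';script-src 'nonce-stringhere==' " +
  "'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;" +
  "report-uri https://csp.withgoogle.com/csp/gws/cdt1";

const NONCE_RE = /^'nonce-[^']+'$/i;

// Split a policy into { directive: [sources] }; the first occurrence of a directive wins.
function parseCsp(policy) {
  const out = {};
  for (const part of policy.split(";")) {
    const [name, ...values] = part.trim().split(/\s+/);
    if (name && !(name.toLowerCase() in out)) out[name.toLowerCase()] = values;
  }
  return out;
}

// Report which script sources the browser honours and which it silently ignores.
function analyzeScriptSrc(policy) {
  const d = parseCsp(policy);
  const src = d["script-src"] || d["default-src"] || null;
  if (src === null) return { nonces: [], ignored: [], inlineWithoutNonce: true };
  const lower = src.map(s => s.toLowerCase());
  const nonces = src.filter(s => NONCE_RE.test(s)).map(s => s.slice(7, -1));
  const hasHash = lower.some(s => /^'sha(256|384|512)-/.test(s));
  const strict = lower.includes("'strict-dynamic'");
  const ignored = src.filter(s => {
    const l = s.toLowerCase();
    // A nonce or hash in the list cancels 'unsafe-inline'; so does 'strict-dynamic'.
    if (l === "'unsafe-inline'") return nonces.length > 0 || hasHash || strict;
    // 'strict-dynamic' also cancels 'self' and host/scheme allow-lists (unquoted tokens).
    return strict && (l === "'self'" || !l.startsWith("'"));
  });
  const inlineWithoutNonce =
    lower.includes("'unsafe-inline'") && !ignored.some(s => s.toLowerCase() === "'unsafe-inline'");
  return { nonces, ignored, inlineWithoutNonce };
}

// The header rewrite the post warns about: drop the nonce and 'strict-dynamic' tokens.
function stripNonceAndStrictDynamic(policy) {
  return policy.split(";").map(part => part.trim().split(/\s+/)
    .filter(t => !NONCE_RE.test(t) && t.toLowerCase() !== "'strict-dynamic'")
    .join(" ")).join(";");
}

console.log("as sent:  ", analyzeScriptSrc(SAMPLE));
console.log("stripped: ", analyzeScriptSrc(stripNonceAndStrictDynamic(SAMPLE)));
```

On the header as sent, only scripts carrying the nonce run; on the stripped header, `inlineWithoutNonce` becomes true, which is why any inline script on the page, not only the injected ones, would then execute.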