Page MenuHomePhabricator

XTools' ArticleInfo gadget will be blocked by CSP
Open, Needs TriagePublic


When the gadget is ran, this error appears in my console:

[Report Only] Refused to connect to '' because it violates the following Content Security Policy directive: "default-src 'self' data: blob: * * * * * * * * * * *". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

Event Timeline

TerraCodes updated the task description. (Show Details)
MusikAnimal moved this task from Inbox to Other on the XTools board.Apr 9 2019, 3:50 PM
MusikAnimal added a subscriber: MusikAnimal.

Indeed :( There is talk for users to be able to selectively whitelist certain external domains, in this case Or, we could rewrite the script to work entirely off of the MediaWiki APi, but this will make it much slower and we might have to lose some functionality.

AlanM1 added a subscriber: AlanM1.Nov 30 2019, 5:12 AM