Page MenuHomePhabricator

XTools' ArticleInfo gadget will be blocked by CSP
Open, Stalled, LowPublic


When the gadget is ran, this error appears in my console:

[Report Only] Refused to connect to '' because it violates the following Content Security Policy directive: "default-src 'self' data: blob: * * * * * * * * * * *". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

Event Timeline

MusikAnimal added a subscriber: MusikAnimal.

Indeed :( There is talk for users to be able to selectively whitelist certain external domains, in this case Or, we could rewrite the script to work entirely off of the MediaWiki APi, but this will make it much slower and we might have to lose some functionality.

MusikAnimal changed the task status from Open to Stalled.Jun 22 2021, 4:59 AM

Unactionable at this time.