LernerConsulting 0 Posted September 9, 2018 Share Posted September 9, 2018 Firefox 61 on Windows10, Evernote Web Clipper add-on Browse to any web page that has a Content Security Policy defined, and the Developer Tools, Network shows CSP errors: Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/GothamSSm-Bold-Italic.woff (“font-src”). Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/GothamSSm-Bold.woff (“font-src”). Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/GothamSSm-Medium-Italic.woff (“font-src”). Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/GothamSSm-Medium.woff (“font-src”). Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/caecilialtstd-bold-webfont.woff (“font-src”). Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/caecilialtstd-roman-webfont.woff (“font-src”). Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/GothamSSm-Light-Italic.woff (“font-src”). Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/GothamSSm-Light.woff (“font-src”). Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/GothamSSm-Book-Italic.woff (“font-src”). Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/GothamSSm-Book.woff (“font-src”). Text search of C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\PROFILECODE\ found only extension with "fonts/Gotham" was the Evernote Web Clipper, in file {E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi Firefox about:support#extensions-tbody shows Evernote Web Clipper has that ID (E0B8...) Link to comment
Level 5* gazumped 11,652 Posted September 11, 2018 Level 5* Share Posted September 11, 2018 Hi. For us civilians out here - does that mean you can't get a good clip of that page? Link to comment
LernerConsulting 0 Posted November 12, 2018 Author Share Posted November 12, 2018 No, it means that Evernote Web Clipper is loading fonts in a non-standard way, loading them in a way that triggers Content Security Policy errors, on any site that has a CSP defined. http://content-security-policy.com/ It doesn't affect "that page", it triggers errors on any page where the site developer added a content security policy, and a visitor uses Evernote Web Clipper. For example, if they loaded fonts from fonts.google.com then site developers could simply enable loading fonts from that location. Developers can't enable fonts on a random-number Chrome extension, and should not enable scripts and fonts in all Chrome extensions, CSP is for disallowing unknown scripts to operate on a site. Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.