
Content Security Policy with Evernote Web Clipper


LernerConsulting


Firefox 61 on Windows 10, Evernote Web Clipper add-on
 
Browse to any web page that has a Content Security Policy defined, and the Developer Tools, Network shows CSP errors:
 
Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/GothamSSm-Bold-Italic.woff (“font-src”).
Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/GothamSSm-Bold.woff (“font-src”).
Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/GothamSSm-Medium-Italic.woff (“font-src”).
Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/GothamSSm-Medium.woff (“font-src”).
Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/caecilialtstd-bold-webfont.woff (“font-src”).
Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/caecilialtstd-roman-webfont.woff (“font-src”).
Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/GothamSSm-Light-Italic.woff (“font-src”).
Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/GothamSSm-Light.woff (“font-src”).
Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/GothamSSm-Book-Italic.woff (“font-src”).
Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/GothamSSm-Book.woff (“font-src”).
 
Text search of C:\Users\USERNAME\AppData\Roaming\Mozilla\Firefox\Profiles\PROFILECODE\ found that the only extension with "fonts/Gotham" was the Evernote Web Clipper,
in file {E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi.
Firefox about:support#extensions-tbody shows Evernote Web Clipper has that ID (E0B8...).

 
  • 2 months later...

No, it means that Evernote Web Clipper is loading fonts in a non-standard way, loading them in a way that triggers Content Security Policy errors, on any site that has a CSP defined.

http://content-security-policy.com/

It doesn't affect "that page"; it triggers errors on any page where the site developer added a content security policy, and a visitor uses Evernote Web Clipper.

For example, if they loaded fonts from fonts.google.com then site developers could simply enable loading fonts from that location. Developers can't enable fonts on a random-number Chrome extension, and should not enable scripts and fonts in all Chrome extensions; CSP is for disallowing unknown scripts to operate on a site.

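One way to triage the messages discussed in the posts above, as an added example that is not part of the original thread or of Evernote's code: it parses Firefox console CSP messages of the form quoted in the first post and separates blocks on extension-origin resources from blocks on ordinary site resources, so a site owner can see which entries their policy could actually address. The `cdn.example.net` line, the function names and the `moz-extension:` scheme entry are assumptions added for illustration.

```javascript
// Schemes that identify a browser-extension resource rather than a site resource.
const EXTENSION_SCHEMES = new Set(['chrome-extension:', 'moz-extension:']);

// Matches the console wording quoted in the thread (note the typographic quotes).
const CSP_LINE = /blocked the loading of a resource at (\S+) \(“([\w-]+)”\)/;

function parseCspLine(line) {
  const m = CSP_LINE.exec(line);
  if (!m) return null;
  const [, uri, directive] = m;
  // Keywords such as "inline" have no scheme; indexOf returns -1 and scheme is ''.
  const scheme = uri.slice(0, uri.indexOf(':') + 1);
  // scheme://host ; for extension URIs the host part is the extension's ID.
  const origin = uri.split('/').slice(0, 3).join('/');
  return { uri, directive, origin, isExtension: EXTENSION_SCHEMES.has(scheme) };
}

function triage(lines) {
  const result = { extensionNoise: {}, siteViolations: [], unparsed: 0 };
  for (const line of lines) {
    const v = parseCspLine(line);
    if (!v) { result.unparsed += 1; continue; }
    if (v.isExtension) {
      // Group by extension origin and directive instead of listing every file.
      const key = `${v.origin} ${v.directive}`;
      result.extensionNoise[key] = (result.extensionNoise[key] || 0) + 1;
    } else {
      result.siteViolations.push(v);
    }
  }
  return result;
}

// Constructed sample: two lines in the form quoted in the first post, one
// constructed site violation, and one unrelated console line.
const SAMPLE_LINES = [
  'Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/GothamSSm-Bold.woff (“font-src”).',
  'Content Security Policy: The page’s settings blocked the loading of a resource at chrome-extension://f5d721bd-4645-43f9-9e7e-47cdd91ad4be/fonts/GothamSSm-Book.woff (“font-src”).',
  'Content Security Policy: The page’s settings blocked the loading of a resource at https://cdn.example.net/app.js (“script-src”).',
  'GET https://example.net/favicon.ico 404',
];

console.log(JSON.stringify(triage(SAMPLE_LINES), null, 2));
```

Entries under `extensionNoise` come from the visitor's add-on and are the ones the second post says a site should not try to allowlist; entries under `siteViolations` are the ones to review against the site's own policy.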

Archived

This topic is now archived and is closed to further replies.
