Firefox内容脚本未在某些页面中加载 [英] Firefox content script not loading in some pages
问题描述
上下文
我目前正在使用一个浏览器扩展程序,该扩展程序可以在Chrome和Opera上正常使用,但在Firefox上却遇到了问题.这是重现该问题所需的manifest.json的最低版本:
I am currently working on a browser extension which is working as expected with Chrome and Opera but I am facing issues with Firefox. Here is a minimal version of manifest.json needed to reproduce the problem:
{
"name": "Example",
"version": "0.0.1",
"author": "Pyves",
"content_scripts": [
{
"all_frames": true,
"matches": [
"<all_urls>"
],
"js": [
"content.js"
]
}
],
"manifest_version": 2
}
这是相关的content.js:
console.log("Content script loaded");
问题
Content script loaded.但是,使用Firefox时,某些页面似乎未加载内容脚本,例如原始的GitHub页面,如下所示:
https://raw.githubusercontent.com/badges/shields/master/README. md
Content script loaded is systematically logged regardless of the visited page when using Chrome and Opera. Nevertheless, the content script doesn't seem to load in some pages when using Firefox, for instance raw GitHub pages such as the following:
https://raw.githubusercontent.com/badges/shields/master/README.md
Firefox控制台中没有错误消息,说明为什么未在该特定页面上执行内容脚本.
There are no error messages in the Firefox console stating why the content script was not executed on that particular page.
问题
-
为什么Firefox扩展程序无法将内容脚本加载到某些页面中?
Why is the Firefox extension unable to load the content script into some pages?
需要进行哪些更改才能使扩展名在所有浏览器上一致地工作?
What changes need to be made so that the extension works consistently on all browsers?
推荐答案
我终于弄清了为什么使用Firefox时某些页面无法加载扩展的内容脚本.
I finally figured out why the extension's content script is not loading in some pages when using Firefox.
使用Network开发人员工具分析请求后,事实证明,获取GitHub原始页面时会返回以下标头:
After analysing the requests with the Network developer tools, it turns out that the following headers are returned when getting GitHub raw pages:
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
根据 MDN Web文档,sandbox CSP指令具有以下作用:
According to the MDN Web Docs, the sandbox CSP directive has the following effect:
为请求的资源启用沙箱[...].适用 对页面操作的限制,包括防止弹出窗口, 阻止执行插件和脚本,并强制执行 同源政策.
enables a sandbox for the requested resource [...]. It applies restrictions to a page's actions including preventing popups, preventing the execution of plugins and scripts, and enforcing a same-origin policy.
因此,Firefox阻止扩展使用沙盒CSP在页面中执行内容脚本,而其他浏览器(例如Chrome和Opera)的确允许这种行为. Mozilla的Bugzilla中的相关错误报告( 1267027 和
Therefore Firefox is preventing extensions from executing content scripts in pages with the sandbox CSP, whereas other browsers such as Chrome and Opera do allow this behaviour. Related bug reports in Mozilla's Bugzilla (1267027 and 1411641) highlight that:
CSP'sandbox'指令由于唯一的来源而导致内容脚本无法匹配
CSP 'sandbox' directive prevents content scripts from matching, due to unique origin
此问题已得到公认,并有望在以后的Firefox版本中得到解决.
This issue has been acknowledged and will hopefully be fixed in future releases of Firefox.
这篇关于Firefox内容脚本未在某些页面中加载的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
