script not working when the website set Content-Security-Policy in http response. #99

flysoso · 2018-06-16T09:02:47Z

What is the problem?

script not working when the website set Content-Security-Policy in http response.

How to reproduce it?

e.g. the website mp.wexin.qq.com

What is the expected result?

script work

What is the actual result?

script not work.
it make console error like this:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' http://.qq.com https://.qq.com http://.weishi.com https://.weishi.com 'nonce-356257451'". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.

Environment

Browser:Maxthon
Browser version:5.2.3.3000
Violentmonkey version:2.8.4
OS:win10

gera2ld · 2018-06-17T02:32:57Z

Known issue, and there is no workaround for Maxthon.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

script not working when the website set Content-Security-Policy in http response. #99

script not working when the website set Content-Security-Policy in http response. #99

flysoso commented Jun 16, 2018

gera2ld commented Jun 17, 2018

script not working when the website set Content-Security-Policy in http response. #99

script not working when the website set Content-Security-Policy in http response. #99

Comments

flysoso commented Jun 16, 2018

What is the problem?

How to reproduce it?

What is the expected result?

What is the actual result?

Environment

gera2ld commented Jun 17, 2018