Vanwege onderhoudswerkzaamheden die uw ervaring zouden moeten verbeteren, heeft deze website beperkte functionaliteit. Als een artikel uw probleem niet verhelpt en u een vraag wilt stellen, kan onze ondersteuningsgemeenschap u helpen in @FirefoxSupport op Twitter en /r/firefox op Reddit.

Zoeken in Support

Vermijd ondersteuningsscams. We zullen u nooit vragen een telefoonnummer te bellen, er een sms naar te sturen of persoonlijke gegevens te delen. Meld verdachte activiteit met de optie ‘Misbruik melden’.

Meer info

Deze conversatie is gearchiveerd. Stel een nieuwe vraag als u hulp nodig hebt.

Bookmarklets don't work on https:// sites

  • 4 antwoorden
  • 11 hebben dit probleem
  • 1 weergave
  • Laatste antwoord van jiffyclub

more options

I maintain a bookmarklet that people use as an aid with the site http://nbviewer.ipython.org. The bookmarklet simply looks at the user's current URL and then opens a new tab if the current URL parses to something that will work on nbviewer. As of Firefox 21 this bookmarklet doesn't work on https:// sites such as GitHub. It works on http:// sites and everything works fine in Chrome. Text of bookmarklet is at https://github.com/jiffyclub/open-in-nbviewer/blob/master/bookmarklet/nbviewer_bookmarklet.js. Is there anything I can do to get this working for people?

According to the Mozilla wiki bookmarklets should be unaffected by browser security settings: https://wiki.mozilla.org/Security/CSP/Specification#Non-Normative_Client-Side_Considerations.

Here's an example where the bookmarklet will work: http://iupr1.cs.uni-kl.de/~tmb/ncso/00-introduction.ipynb

And here's one where it won't: https://raw.github.com/jiffyclub/ipythonblocks/master/demos/Firework.ipynb

I maintain a bookmarklet that people use as an aid with the site http://nbviewer.ipython.org. The bookmarklet simply looks at the user's current URL and then opens a new tab if the current URL parses to something that will work on nbviewer. As of Firefox 21 this bookmarklet doesn't work on https:// sites such as GitHub. It works on http:// sites and everything works fine in Chrome. Text of bookmarklet is at https://github.com/jiffyclub/open-in-nbviewer/blob/master/bookmarklet/nbviewer_bookmarklet.js. Is there anything I can do to get this working for people? According to the Mozilla wiki bookmarklets should be unaffected by browser security settings: https://wiki.mozilla.org/Security/CSP/Specification#Non-Normative_Client-Side_Considerations. Here's an example where the bookmarklet will work: http://iupr1.cs.uni-kl.de/~tmb/ncso/00-introduction.ipynb And here's one where it won't: https://raw.github.com/jiffyclub/ipythonblocks/master/demos/Firework.ipynb

Bewerkt door jiffyclub op

Gekozen oplossing

You can vote for this bug to show your interest in getting this fixed.

Please DO NOT comment in bug reports: https://bugzilla.mozilla.org/page.cgi?id=etiquette.html

Dit antwoord in context lezen 👍 2

Alle antwoorden (4)

more options

That is because of the CSP header that Github is sending.
I noticed this a while back when I wanted to check the CSS file with a bookmarklet and it didn't work.

X-Content-Security-Policy: default-src *; script-src 'self' https://github.global.ssl.fastly.net https://jobs.github.com https://ssl.google-analytics.com https://collector.githubapp.com https://analytics.githubapp.com; style-src 'self' 'unsafe-inline' https://github.global.ssl.fastly.net; object-src 'self' https://github.global.ssl.fastly.net

Running bookmarklets would require to disable this security feature (security.csp.enable).
Of course this is not recommended.

more options

According to https://wiki.mozilla.org/Security/CSP/Specification#Non-Normative_Client-Side_Considerations CSP should explicitly not interfere with the operation of bookmarklets. Does the fact that it does interfere mean there's a bug in Firefox?

The bookmarklet was working fine for Firefox users up until Firefox 21, and unless I'm wrong CSP is a bit older than that.

more options

Gekozen oplossing

You can vote for this bug to show your interest in getting this fixed.

Please DO NOT comment in bug reports: https://bugzilla.mozilla.org/page.cgi?id=etiquette.html

more options

Great, thanks!