Mozilla Firefox has a problem proper now that’s inflicting conflicts if a number of extensions are put in that modify CSP headers on visited websites.
CSP, which stands for Content Security Policy, is a safety addition that websites may use to detect and mitigate sure assault varieties akin to Cross Site Scripting or knowledge injections.
Browser extensions may use CSP injection to change headers. The widespread content material blocker uBlock Origin may use it to dam distant fonts from loading on pages visited within the browser, and Canvas Blocker makes use of it to dam knowledge URL pages.
The workforce behind the Ghacks User JS maintains a listing of extensions identified to make use of CSP injection for some performance. The workforce did an important job analyzing the problem and accumulating all of the bits and items. You may additionally wish to learn by the issue description on GitHub for extra data.
You discover widespread extensions like uBlock Origin, uMatrix, or HTTPS Everywhere on the record in addition to others akin to Enterprise Policy Generator, Cookie AutoDelete, or Skip Redirect.
Addendum: solely entries with a purple exclamation mark use CSP injection.
If there’s multiple extension lively on a web page that makes use of CSP injection, just one is used. Imagine the next state of affairs: you might have a content material blocker and one other extension put in that each use CSP injection.
Only a type of will truly be capable of do this, the opposite will not. In different phrases, it might occur that some extensions will not work 100% due to the battle.
when two or extra extensions use CSP injection to change headers on the identical web page, just one wins. It would not matter who: first loaded, first modified – do not care: the very fact is just one extension will obtain what it’s meant to, the opposite(s) will fail
Basic instance? Content blockers not blocking sure content material as a result of one other extension received precedence.
The challenge seems to be Firefox particular on the time. The bug was reported to Mozilla a while in the past (greater than a yr in the past) and Mozilla assigned it a precedence of two. P2 points will not be precisely excessive positioned within the growth queue and it’s unclear if or when the problem might be resolved.
Firefox doesn’t appear to disclose the battle to the person of the browser, and it isn’t trivial to seek out out if an extension does CSP injections (seek for content-security-policy in all information of an extension, however first extract it to the native system or use Extension Source Viewer to view it). You may use Notepad++ to search for text in all files, the excellent search tool Everything, or the command line tool findstr.
You may be capable of resolve the problem by both a) disabling the performance in extensions if attainable or b) uninstalling add-ons.
Now You: What is your tackle the problem? Too small to repair? Urgent repair needed?