Firefox: finally a fix for a bug with multiple add-ons using CSP

Discussion in 'other software & services' started by summerheat, Apr 16, 2020.

  1. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,842
    There has been a bug in Firefox affecting add-ons which make use of Content Security Policy (CSP) to modify headers. The problem is that when using multiple of such add-ons it is unclear which add-on "wins".
    In other words:
    An example
    Examples of add-ons affected are uBlock Origin, uMatrix, Privacy Badger, CanvasBlocker and HTTPS Everywhere.

    A related bug report was opened about 2 years ago, among the participants in that discussion were @gorhill and Giorgio Maone (the Noscript author). There is also a lengthy discussion on gHacks-user.js for which the incomparable Thorin-Oakenpants assigned the "needs Jesus" label. ;)

    Now finally a patch has landed in Firefox Nightly which fixes that bug. The author of this patch demonstrated in this post how to test the different behavior of Firefox stable and Firefox Nightly.

    Note that Chromium-based browsers are not affected. However, in the discussion of that bug it was mentioned that those browsers don't deal with those situations in an optimal way, either.

    Anyway, the fix will be available in Firefox 77 to be released on 2020-06-02.

    So Thorin-Oakenpants will soon be able to alter his label to "Jesus was listening". :D
     
  2. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,221
    canvas blocker* and https everywhere** are more than futile, i ever told.
    *is causing more failure than usage.
    **use https_only feature instead! (firefox 76++)

    ublock replaces over a dozen of other blockers, also privacy blocker.
    if you have discovered this you are able to handle it.
    ghacksuser.js is also futile, same BS like privacy-handbuch.de.
    dont change what you dont have understood.
     
  3. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    1,842
    Your silly post is not at all related to the subject of this thread. But finally you've succeeded in being moved to my ignore list. Congratulations.
     
  4. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    3,221
    i dont care. finally if some uses a combination of such extensions it has no advantage. anyhow the the https_only feature will resolve a lot more issues with ublock and others.

    it concerns webrequest what i asked end of march because it was resolved nearly same time with firefox 77
    https://www.wilderssecurity.com/threads/ublock-a-lean-and-fast-blocker.365273/page-177#post-2905367

    https://hg.mozilla.org/mozilla-central/rev/ee0f0e5aea63
    https://hg.mozilla.org/mozilla-central/rev/09329f8a223b
    https://hg.mozilla.org/mozilla-central/rev/cea45f637b49

    so they are working on same thing but due corona not that fast as usual which explains the 6-day period between both.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.