Browser extensions may not behave properly on Reward Gateway because they fail to load additional resources. These resources fail to load because the extension has not properly accounted for sites using a technology called Content Security Policy (CSP). You should contact the browser extension author to make them aware of this problem.
What is a Content Security Policy (CSP)?
A CSP is a response header or meta tag that allows site owners to declare what content can be loaded from where. This reduces the risks associated with cross-site scripting: even if someone finds a cross-site scripting vulnerability, they must load their content from one of the safelisted locations. If they cannot find a way of doing this, the browser follows the policy and prevents the resource from loading.
How does this prevent browser extensions working?
Some browser extensions 'inject' their own resources into the page being viewed. This causes the browser to make requests on their behalf, and these requests are evaluated against the policy. These requests will not pass because they do not match any policy rule set by us.
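The evaluation described above, as an added example that is not Reward Gateway's code or policy: a simplified model of how a browser checks each request against the policy's source lists. The policy string, origins, URLs and function names are constructed for illustration, and keywords such as nonces, hashes, ports and paths are not modelled.

```javascript
// Simplified model of CSP source-list matching: 'self', *, scheme and host sources only.
// POLICY and every URL below are constructed samples, not Reward Gateway's real policy.
const PAGE_ORIGIN = "https://site.example";
const POLICY = "default-src 'self'; script-src 'self' https://cdn.example; img-src *";

// Parse "name source source; name source" into a Map of directive -> source list.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

// Does a single source expression allow this URL?
function sourceMatches(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  if (source === "*") return ["http:", "https:"].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  // Host source with a scheme, optionally with a leading "*." wildcard label.
  const m = /^(https?:)\/\/(\*\.)?([^/:]+)$/i.exec(source);
  if (!m) return false; // 'none' and anything not modelled here allows nothing
  const scheme = m[1].toLowerCase();
  const host = m[3].toLowerCase();
  // An http: source also matches the https: upgrade of the same host.
  const schemeOk = url.protocol === scheme || (scheme === "http:" && url.protocol === "https:");
  if (!schemeOk || url.port !== "") return false; // default port only
  return m[2] ? url.hostname.endsWith("." + host) : url.hostname === host;
}

// Would a request of this type be allowed to load on the page?
function isAllowed(policyHeader, directive, requestUrl, pageOrigin) {
  const policy = parsePolicy(policyHeader);
  // Fetch directives fall back to default-src when not listed themselves.
  const sources = policy.get(directive) ?? policy.get("default-src");
  if (sources === undefined) return true; // nothing in the policy restricts this type
  const url = new URL(requestUrl);
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}

// The site's own script passes; a script injected from an extension's host does not.
for (const u of ["https://site.example/app.js", "https://extension-vendor.example/inject.js"]) {
  console.log(u, isAllowed(POLICY, "script-src", u, PAGE_ORIGIN) ? "allowed" : "blocked");
}
```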
What can we do about this?
When you install a browser extension, you are giving it an enormous amount of power over your browser. Browser extensions can manipulate the policy securely themselves and add new policy rules to avoid issues with CSP.
We will not modify our policy to support individual browser extension requests because we cannot be certain of the particular resources being loaded.
You should contact the browser extension author to make them aware of this problem.