Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSP error in Chrome #436

Open
IlyaFirsov opened this issue Jul 31, 2024 · 6 comments
Open

CSP error in Chrome #436

IlyaFirsov opened this issue Jul 31, 2024 · 6 comments

Comments

@IlyaFirsov
Copy link

When using advanced blocking I recently started to get the following error:

Custom function syntax error EvalError: Refused to evaluate a string as JavaScript because this document requires 'Trusted Type' assignment.
    at eval (<anonymous>)
    at storageReceived (inject.js:1414:27)
    at inject.js:1613:9
storageReceived @ inject.js:1420

As a result, advanced blocking rules no longer work. Can it be fixed?

BlockTube 0.4.2, Chrome 127.0.6533.89
@aninder
Copy link

aninder commented Aug 1, 2024
edited
Loading

have 2 chrome types installed,
on Chrome Standard which is at 127.0.6533.88 , the advanced blocking rules are working
on Chrome canary which is at 129.0.6629.0 , with recent update the advanced blocking rules throw error with ,
"This document requires 'TrustedScript' assignment.
Custom function syntax error EvalError: Refused to evaluate a string as JavaScript because this document requires 'Trusted Type' assignment."

It seems for Chrome standard something was changed between 127.0.6533.88 and 127.0.6533.89 that has started causing this issue.

BlockTube 0.4.2

@aninder
Copy link

aninder commented Aug 1, 2024

stange but advanced blocking started working. on same chrome canary version 129.0.6629.0 after a bit .
updated chrome standard from 127.0.6533.88 to 127.0.6533.89 and it's workiing there as well.
Not sure what happened there.

@old4ever
Copy link

old4ever commented Aug 6, 2024
edited
Loading

I have also experienced this issue, upgraded Chrome (126.0.6478.126-1 ⇒ 127.0.6533.88-1).
I tried to do a further investigation on what exactly changed during these versions, but instead found this article from Google's Chrome for Developers Blog, stating that they would start enforcing "Trusted Types" on YouTube starting July 25, 2024.

Meaning, the change wasn't done on Chrome's side (in fact, "Trusted Types" were a thing in Chrome since 2020-05-19), but on YouTube's.

I haven't figured out the way to bypass this locally, but it's clear that this requires some code changes in the extension.

@llamatar
Copy link

llamatar commented Aug 8, 2024

As a (potentially unsafe) workaround, you can override the Content Security Policy on YouTube.

The following rule in the Content Security Policy Override extension removes the requirement for Trusted Types:

[
    ["https://www\\.youtube\\.com", [
        ["require-trusted-types-for 'script'", ""]
    ]]
]

@llamatar llamatar mentioned this issue Aug 10, 2024
Open
@magiruuvelvet
Copy link

I'm attempting to solve this issue in PR #448 directly in BlockTube without having to install additional extensions. I would be glad to get some feedback on this.

@llamatar
Copy link

Advanced blocking seems to be working without workaround now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@aninder @magiruuvelvet @llamatar @IlyaFirsov @old4ever