Adds "unfold all changesets" buttons (hotkey: f) above/below Commit History pages at github, letting you browse the source changes without leaving the page. (Click a commit header again to re-fold it.) You can also fold or unfold individual commits by clicking on non-link parts of the commit. As a bonus, all named commits get their tag/branch names annotated in little bubbles on the right.
< Valutazione su Github: unfold commit history
Content Security Policy
Try about:config -> security.csp.experimentalEnabled true.
And here is hot discussion on this new Firefox "feature" at bugzilla.mozilla.org
sorry, the right pref is: security.csp.experimentalEnabled false .
sorry again, security.csp.enable false
Content Security PolicyTry about:config -> security.csp.experimentalEnabled true.
And here is hot discussion on this new Firefox "feature" at bugzilla.mozilla.org
Thank you for your input. I actually don't want a workaround, but a real solution. As said above I have multiple Github scripts that do work.
Github has what I think must be an unusually strict CSP:
default-src *; script-src assets-cdn.github.com www.google-analytics.com collector-cdn.github.com; object-src assets-cdn.github.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' assets-cdn.github.com; font-src assets-cdn.github.com
The script-src does not allow execution of inline scripts (does not have "unsafe-inline"), so Firefox disables inline scripts in the page. As a result, the userscript that is the subject of this thread can inject the script but Firefox will not execute it.
https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives#Supported_policy_directives
The "solution" is to execute the code from the userscript. I was able to inject a button into the page with an event listener pointing back at the userscript, so at least a basic UI is possible. But I'm not sure about more complicated stuff.
Tested Script:
function yellowbod(){
document.body.style.backgroundColor = "yellow";
}
var s=document.createElement("button");
s.addEventListener("click", yellowbod, false);
s.appendChild(document.createTextNode("TEST"));
document.body.appendChild(s);Edit: Here's a page to test some of the possible script-src directives against bookmarklets and userscripts:
Doesn't work because of Content Security Policy
Your script sounds interesting, but it doesn't seems to work. I tried the script in both Greasemonkey & Scriptish without success.
In the error console I'm getting the following message twice:
The reason for this is probably the way you tried to inject your script into Github when running on https.
When building my scripts for Github I never had that problem, you mite want to check those out.
Hope you can fix this.
Firefox 30.0 RC1
Greasemonkey 1.15
Scriptish 0.1.11
Windows 7