Roytam already struggles to embed Goanna 3.5 on K-meleon, so, be patient or use a user side fix as Kriss_88 extension or switch temporarily CSP. Replying to J.G., in my opinion, a macro or extension shouldn't be the patch, but an update to the engine, if possible. If I didn't implement in my pages is because might use Analytics to check if the site is being used and decide to delete it by inactivity, or if comply with their terms of use or whatever. So, is not that bad, I mean, is not a Google thing to f*** you, you can f*** them too. And the Google Analytics script, as it doesn't provide a nonce pass, it doesn't even execute. What does that page do? It shows that despite it prevents external JS files, it allows the external JS by using the nonce attribute but also it blocks the inline script that doesn't match the nonce password. In the past I did tests to check support with the following page, just to do the opposite, block Google Analytics and prevent users to be tracked: Similar might happen with Goanna 3.5, I don't know its release timing, but, anyway, Palemoon has been always behind since they forked to Goanna. In fact, on Gecko 31, so K-meleon 75.x ~2015-2016, there isn't support by just "a split second" on the release/engine embedding timing.ĭespite what MDN says, is not available to all Gecko 31 CSP harms users that want to change pages contents (us) but, for the average, it is needed, as, for nonce, prevent add-ons to behave wildly injecting JS and breaking users security.ĬSP 2.0, which added the nonce policy, has been there for long ago:Ĭontent Security Policy nonce explanation and support (almost at the end) Isn't it funny - GoogleMAIL, GoogleIMAGES, and Google-YOUTUBE insist on this, oh well.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |