Child Item

Using the Javascript Chooser API in a Web Extension

I am developing a feature for my note taking Firefox Web Extension to import text from a text file from the User's Dropbox using the Javascript Chooser API

After invoking the Dropbox.choose(options) with a button, the resulting window fails to load properly, displaying the message indicated in the attached image below concerning the origin not matching any app domain (since its an extension and not a normal url). I would like to know if there is a different approach or workaround that I may be missing.

Additionally according to the MDN Security Best Practices for Web Extensions, it would seem that the recommended setup outlined on the Javascript Chooser API page using an embeded script in the HTML is inadequate for this application. However, even after downloading the src script and attempting to use it locally the src script still attempts to invoke creating a script element in the HTML which Firefox rejects and produces the error:

Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”)

Any ideas on working around this?

Find more posts tagged with

API

Abuse

Accepted answers

Greg-DB

Unfortunately, the Dropbox Chooser is only built for standard browser environments, and isn't supported in environments like this, e.g., in a Firefox extension. That being the case, I'm afraid I can't offer any solution to these issues. I'll send this along as a request for support for this scenario, but I can't promise if/when that would be implemented.

All comments

Greg-DB

davidthigpen

I completely understand, and thank you for the quick response!

rozek

I have the very same problem with an ordinary web page (i.e., not a Firefox Web Extension!) using Firefox 63.0.3 under macOS.

For that reason, the given answer does not really seem "acceptable" for me!

Here are a few messages, I found in the JS console of the Dropbox window - perhaps, they may help you a bit:

Content Security Policy: Die Direktive 'child-src' sollte nicht mehr verwendet werden. Bitte verwenden Sie stattdessen die Direktive 'worker-src' zum Kontrollieren von Workern bzw. die Direktive 'frame-src' zum Kontrollieren von Frames.
cpu_idle_tracking_started chooser:75:6516
dws_ensemble_constructor chooser:75:3448
dws_ensemble_begin_init chooser:75:3448
dws_tti_timeout_started chooser:75:3448
dws_ensemble_init chooser:75:3448
dws-processChunk-embedded-app-start-1 chooser:75:3448
dws-processChunk-embedded-app-require_config-1 chooser:75:3448
dws-processChunk-embedded-app-const_module-1 chooser:75:3448
dws-processChunk-embedded-app-const_module-2 chooser:75:3448
dws-processChunk-embedded-app-const_module-3 chooser:75:3448
dws-processChunk-embedded-app-const_module-4 chooser:75:3448
dws-processChunk-embedded-app-const_module-5 chooser:75:3448
dws-processChunk-embedded-app-const_module-6 chooser:75:3448
dws-processChunk-embedded-app-done-1 chooser:75:3448
dws_before_internal_setup_pagelet_uncached_pagelet_skeleton-0 chooser:75:3448
dws_before_internal_setup_pagelet_uncached_dropins__chooser_rpc chooser:75:3448
dws_start_initialize_load_uncached_dropins__chooser_rpc chooser:75:3448
dws_pagelet_payload_available_embedded-app chooser:75:3448
dws_pagelet_render_on_page_embedded-app chooser:75:3448
dws_pagelet_render_on_page_dropins__chooser_rpc chooser:75:3448
dws_pagelet_render_on_page_uncached_dropins__chooser_rpc chooser:75:3448
DOMInteractive chooser:75:13844
dws_pagelet_css_loaded_embedded-app chooser:75:3448
dws_pagelet_load_stylesheet_dropins__chooser_rpc chooser:75:3448
dws_pagelet_load_stylesheet_uncached_dropins__chooser_rpc chooser:75:3448
dws_core_externals_loaded chooser:75:3448
dws_embedded-app_require_config_callback chooser:75:17030
dws_embedded-app_require_config_callback chooser:75:3448
Content Security Policy: Die Einstellungen der Seite haben das Laden einer Ressource auf inline blockiert ("script-src").
chooser:2:13676
Content Security Policy: Die Einstellungen der Seite haben das Laden einer Ressource auf inline blockiert ("script-src").
chooser:2:13794
dws_tti_timeout_expired

Greg-DB

@rozek If you're not running in an extension, it sounds like there's a different cause of the issue you're seeing. Please open a new thread with the details of the problem you're seeing, e.g., include a screenshot of the error page you're getting, so we can check on it for you. Thanks in advance!