Firefox Add-on SDK extension with Websocket doesn't work for Facebook/Twitter -
i'm developing firefox extension based on addon sdk. inside content script, need create websocket connection localhost server using wss. in addon script (index.js), use "sdk/tabs" inject content script.
var tabs = require("sdk/tabs"); tabs.on("ready", function(tab){ var worker = tab.attach({ contentscriptfile: ["./websocket.js"] }); }); data/websocket.js looks like:
websocket = new websocket("wss://localhost:8443/websocketserver/"); websocket.onopen = function(evt){ console.log("connection open"); websocket.send("connection established!"); }; websocket.onmessage = function(evt){ console.log("message received: "+evt.data); }; i open firefox , open page https://localhost:8443/ , accept certificate. certificate won't problem here.
i can open normal http page , addon works perfectly, talks websocket server. can make work if open https://google.com. when open https://www.facebook.com or https://www.twitter.com, websocket connection cannot established.
when turn on developer console, can see error message:
content security policy: page's settings blocked loading of resource @ wss://localhost:8443/websocketserver/ ("connect-src https://graph.facebook.com https://*.giphy.com https://pay.twitter.com https://analytics.twitter.com https://media.riffsy.com https://upload.twitter.com https://api.mapbox.com https://twitter.com"). content security policy: page's settings blocked loading of resource @ wss://localhost:8443/websocketserver/ ("connect-src https://*.facebook.com https://*.fbcdn.net https://*.facebook.net https://*.spotilocal.com:* https://*.akamaihd.net wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* https://*.atlassolutions.com https://attachment.fbsbx.com ws://localhost:* blob:"). after check, find facebook , twitter both implement content script policy in http header: https://developer.mozilla.org/en-us/docs/web/security/csp/introducing_content_security_policy
but think policy should exempted addon. how bypass check , make websocket connection work on facebook , twitter also?
i found there 1 link uses xpcomm hyjack http header , bypass csp check, not i'm looking for, xpcomm deprecated firefox. there more proper way of doing this?
thanks lot!
Comments
Post a Comment