Firefox Add-on SDK extension with Websocket doesn't work for Facebook/Twitter -

-

i'm developing firefox extension based on addon sdk. inside content script, need create websocket connection localhost server using wss. in addon script (index.js), use "sdk/tabs" inject content script.

var tabs = require("sdk/tabs"); tabs.on("ready", function(tab){      var worker = tab.attach({          contentscriptfile: ["./websocket.js"]      }); });

data/websocket.js looks like:

websocket = new websocket("wss://localhost:8443/websocketserver/"); websocket.onopen = function(evt){                        console.log("connection open");                        websocket.send("connection established!");                    }; websocket.onmessage = function(evt){                           console.log("message received: "+evt.data);                    };

i open firefox , open page https://localhost:8443/ , accept certificate. certificate won't problem here.

i can open normal http page , addon works perfectly, talks websocket server. can make work if open https://google.com. when open https://www.facebook.com or https://www.twitter.com, websocket connection cannot established.

when turn on developer console, can see error message: 

content security policy: page's settings blocked loading of  resource @ wss://localhost:8443/websocketserver/ ("connect-src  https://graph.facebook.com https://*.giphy.com https://pay.twitter.com  https://analytics.twitter.com https://media.riffsy.com  https://upload.twitter.com https://api.mapbox.com https://twitter.com").   content security policy: page's settings blocked loading of    resource @ wss://localhost:8443/websocketserver/ ("connect-src     https://*.facebook.com https://*.fbcdn.net https://*.facebook.net  https://*.spotilocal.com:* https://*.akamaihd.net wss://*.facebook.com:*  https://fb.scanandcleanlocal.com:* https://*.atlassolutions.com  https://attachment.fbsbx.com ws://localhost:* blob:").

after check, find facebook , twitter both implement content script policy in http header: https://developer.mozilla.org/en-us/docs/web/security/csp/introducing_content_security_policy

but think policy should exempted addon. how bypass check , make websocket connection work on facebook , twitter also?

i found there 1 link uses xpcomm hyjack http header , bypass csp check, not i'm looking for, xpcomm deprecated firefox. there more proper way of doing this?

thanks lot!


Comments

Post a Comment

Popular posts from this blog

Load Balancing in Bluemix using custom domain and DNS SRV records -

-
i'm trying load balancing of application in bluemix using custom domain , srv record in dns manager. created own doamin ccbluemix.dynu.com , added custom domain bluemix. created application in region , created route custom domain myapp.ccbluemix.dynu.com deployed same application in uk region , created route custom domain myapp.ccbluemix.dynu.com there well. now whenever user hits route want load balancing between , uk region alternate requests served , uk regions. for created srv records like _http._tcp.ccbluemix.dynu.com srv eu-gb.mybluemix.net [priority: 0] [weight: 50] 10 _http._tcp.ccbluemix.dynu.com srv mybluemix.net [priority: 0] [weight: 50] 10 but nothing happening , i'm not able access application using custom route @ all. if create 'a' record cc-load-bal-app.ccbluemix.dynu.com 75.126.81.68 i can access app using custom route ends hitting server. how can achieve load balancing using srv records? wrong creating srv records here? i read ne...
Read more

oracle - pls-00402 alias required in select list of cursor to avoid duplicate column names -

-
my cursor : select xzis.msisdn msisdn, xzis.in_account_number in_account_number xxobw_zte_in_sync xzis not exists (select 1 hz_contact_points hcp, hz_cust_accounts hca hcp.owner_table_id = hca.party_id , hcp.owner_table_name = 'hz_parties' , hcp.phone_number = substr (xzis.msisdn, -8) , nvl (hca.attribute12, 'nil') = xzis.in_account_number); i have given alias columns, still facing issue. suggestions? it's cursor. 1 has no such problems. problem is, when you're joining 2 tables, or apply wrong aliases in subselect, cursor may @ end return 2 columns same name/alias. the problem not need alias, no 2 columns can have same alias (the name counting alias, when no alias given). apparently has happened, far can tell, it's ...
Read more

python - Consider setting $PYTHONHOME to <prefix>[:<exec_prefix>] error -

-
Image
i getting same error when python manage.py runserver. there no such error when have ubuntu 15.10. got started when upgraded ubuntu 16.04. question might duplicate have tried solution provided question have applied command dpkg --configure -a, have done apt-get update,upgrade,dist-upgrade, clean, -f install. have reinstalled python2.7 , python3 no success though. here screenshot while trying run django application i got after re-installing python please me? bashrc file # ~/.bashrc: executed bash(1) non-login shells. # see /usr/share/doc/bash/examples/startup-files (in package bash-doc) # examples # if not running interactively, don't case $- in *i*) ;; *) return;; esac export pythonhome="/usr/bin/python" echo $virtualenvwrapper_python echo 'tushant' # don't put duplicate lines or lines starting space in history. # see bash(1) more options histcontrol=ignoreboth # append history file, don't overwrite shopt -s histappend # setting h...
Read more