#179 forms.google.com cannot type or select on a form

Closed
opened 2 weeks ago by unbeatable-101 · 21 comments

Please note the following tips

  • Does the website work after you activate the second switch to filter the HTML source code? No, not even if I do the first switch, I must diable from addons settings.

  • Is there already an existing issue? (Search for the URL, e.g. "codeberg.org" or "localcdn.org") No

  • Does the website use a strict SOP? Wiki article: Yes

  • Which browser do you use? Chromium-based browsers do not support all features of LocalCDN. Wiki article: Firefox

## Please note the following tips * Does the website work after you activate the second switch to filter the HTML source code? No, not even if I do the first switch, I must diable from addons settings. * Is there already an existing issue? (Search for the URL, e.g. "codeberg.org" or "localcdn.org") No * Does the website use a strict SOP? Wiki article: Yes * Which browser do you use? Chromium-based browsers do not support all features of LocalCDN. Wiki article: Firefox
nobody commented 2 weeks ago
Poster
Owner

When I open the URL I've to register/login, but I don't have a Google Account 😉

I think the website isn't working because things are blocked. These two URLs are monitored by LocalCDN: fonts.googleapis.com and www.gstatic.com

In the Firefox menu choose "Web Developer" -> "Network" to see the blocked items. (activate "Disable Cache" if necessary). Would be great if you can make a screenshot of it.

When I open the URL I've to register/login, but I don't have a Google Account :wink: I think the website isn't working because things are blocked. These two URLs are monitored by LocalCDN: [`fonts.googleapis.com`](https://codeberg.org/nobody/LocalCDN/src/commit/3082e6644785510b416757303ab555ee470ad68f/core/mappings.js#L530) and [`www.gstatic.com`](https://codeberg.org/nobody/LocalCDN/src/commit/3082e6644785510b416757303ab555ee470ad68f/core/mappings.js#L889) In the Firefox menu choose "Web Developer" -> "Network" to see the blocked items. (activate "Disable Cache" if necessary). Would be great if you can make a screenshot of it.
Poster

@nobody
You can reproduce the bug by visiting a survey URL, e.g.
https://docs.google.com/forms/d/e/1FAIpQLSeMXkIapddTjXY2z-tlQjDsGzI7x2FKvqGZsCc8s1RlkmVYZQ/viewform

This bug does not occur in 2.5.6.
In 2.5.7 the form cannot be filled out (cannot choose or type anything).

But the only replaced resource is:
[ LocalCDN ] Replaced resource: resources/google-material-design-icons/google-material-design-icons.css

Which commit causes the problem?

@nobody You can reproduce the bug by visiting a survey URL, e.g. `https://docs.google.com/forms/d/e/1FAIpQLSeMXkIapddTjXY2z-tlQjDsGzI7x2FKvqGZsCc8s1RlkmVYZQ/viewform` This bug does **not** occur in 2.5.6. In 2.5.7 the form cannot be filled out (cannot choose or type anything). But the only replaced resource is: `[ LocalCDN ] Replaced resource: resources/google-material-design-icons/google-material-design-icons.css` Which commit causes the problem?
Poster

By the way, the above example URL requests Material Icons Extended:
https://fonts.googleapis.com/icon?family=Material+Icons+Extended

But the replaced resource is not Extended...

By the way, the above example URL requests Material Icons **Extended**: `https://fonts.googleapis.com/icon?family=Material+Icons+Extended` But the [replaced resource](https://codeberg.org/nobody/LocalCDN/src/branch/main/resources/google-material-design-icons/google-material-design-icons.css) is not Extended...
unbeatable-101 changed title from forms.google.com cannot type or select to forms.google.com cannot type or select on a form 2 weeks ago
nobody commented 2 weeks ago
Poster
Owner

You can reproduce the bug by visiting a survey URL

Thank you very much! 😊 👍

This bug does not occur in 2.5.6. [...] Which commit causes the problem?

It's not a bug, because www.gstatic.com is also a CDN and is used for Google Charts (c23fc4365e). The same domain is also used to integrate everything else for the Google survey. LocalCDN doesn't have these individual CSS, JavaScript and fonts. If you forbid loading of non-existent resources, the individual resources cannot be loaded. You are already using a Google service so it is easier to disable LocalCDN there.

I have excluded this domain from the rule generator. The connection must be allowed by an adblocker.

The screenshot shows which requests were blocked.

> You can reproduce the bug by visiting a survey URL Thank you very much! :blush: :+1: > This bug does not occur in 2.5.6. [...] Which commit causes the problem? It's not a bug, because `www.gstatic.com` is also a CDN and is used for Google Charts (c23fc4365e). The same domain is also used to integrate everything else for the Google survey. LocalCDN doesn't have these individual CSS, JavaScript and fonts. If you forbid loading of non-existent resources, the individual resources cannot be loaded. You are already using a Google service so it is easier to disable LocalCDN there. [I have excluded this domain from the rule generator](https://codeberg.org/nobody/LocalCDN/src/commit/c23fc4365ea29ea76aa16986d1fe2eae4b6525ea/modules/internal/rule-generator.js#L36). The connection must be allowed by an adblocker. The screenshot shows which requests were blocked.
Poster

By the way, the above example URL requests Material Icons Extended:
https://fonts.googleapis.com/icon?family=Material+Icons+Extended

But the replaced resource is not Extended...

I don't think that is the problem, the only way to make google forms work is to actualy disable LocalCDN from about:addons, I tested in a new firefox profile with nothing changed and localCDN installed, found the same thing.

The log also had no errors

> By the way, the above example URL requests Material Icons **Extended**: > `https://fonts.googleapis.com/icon?family=Material+Icons+Extended` > > But the [replaced resource](https://codeberg.org/nobody/LocalCDN/src/branch/main/resources/google-material-design-icons/google-material-design-icons.css) is not Extended... I don't think that is the problem, the only way to make google forms work is to actualy disable LocalCDN from about:addons, I tested in a new firefox profile with nothing changed and localCDN installed, found the same thing. The log also had no errors
nobody commented 2 weeks ago
Poster
Owner

By the way, the above example URL requests Material Icons Extended

Oh yes, I forgot to answer the question about "Material Icons Extended". In the official documentation I can't find any information about what this is exactly and what the difference to "normal" is. I don't even know if it' s allowed to use it for free (but I think it's free)


I don’t think that is the problem, the only way to make google forms work is to actualy disable LocalCDN from about:addons

😮

@unbeatable-101: Can you give more information? Operating system, Firefox version and open the browser console (not web console)? [CTRL + Shift + J]

> By the way, the above example URL requests Material Icons Extended Oh yes, I forgot to answer the question about "Material Icons Extended". In the official documentation I can't find any information about what this is exactly and what the difference to "normal" is. I don't even know if it' s allowed to use it for free (but I think it's free) --- > I don’t think that is the problem, the only way to make google forms work is to actualy disable LocalCDN from about:addons :open_mouth: @unbeatable-101: Can you give more information? Operating system, Firefox version and open the browser console (not web console)? `[CTRL + Shift + J]`
nobody commented 2 weeks ago
Poster
Owner

I just tested this with a laptop of a friend (current Windows 10). I was not able to reproduce the problem with the LocalCDN popup there. Also with my Debian 10 and Ubuntu 20.04 the popup works fine 🤔

The form cannot be filled out on all systems because the non-existent resources from the CDN (www.gstatic.com) are blocked.

I just tested this with a laptop of a friend (current Windows 10). I was not able to reproduce the problem with the LocalCDN popup there. Also with my Debian 10 and Ubuntu 20.04 the popup works fine 🤔 The form cannot be filled out on all systems because the non-existent resources from the CDN (`www.gstatic.com`) are blocked.
Poster

I just tested this with a laptop of a friend (current Windows 10). I was not able to reproduce the problem with the LocalCDN popup there. Also with my Debian 10 and Ubuntu 20.04 the popup works fine 🤔

You mean that disabling localCDN works fine?

The form cannot be filled out on all systems because the non-existent resources from the CDN (www.gstatic.com) are blocked.

So this can be fixed by adding them, correct?

> I just tested this with a laptop of a friend (current Windows 10). I was not able to reproduce the problem with the LocalCDN popup there. Also with my Debian 10 and Ubuntu 20.04 the popup works fine 🤔 You mean that disabling localCDN works fine? > The form cannot be filled out on all systems because the non-existent resources from the CDN (www.gstatic.com) are blocked. So this can be fixed by adding them, correct?
Poster

@nobody

There are 2 points that I found weird:

  1. The "block non-existent resources" option is not enabled (in 2.5.6 and 2.5.7), and the form can be filled out in an older version of LocalCDN.
  2. Even if I disable docs.google.com in options, the form cannot be filled out. I can see many CORS errors in the console. (e.g. https://www.gstatic.com/_/freebird/_/js/k=freebird.v.nl.iKAWpA_Xyb4.O/d=0/ct=zgms/rs=AMjVe6he9ChkuhDy2kUho8XDCi3FtH9LmA/m=sy6,sy7,syc,sy8,sy9,sy25,sy27,J8mJTc cannot be loaded)
    As mentioned by @unbeatable-101, LocalCDN 2.5.7 must be completely disabled in about:addons to make the form work.

(My adblocker is in Easy Mode so rule generator is not applicable.)

Once downgraded to 2.5.6, the form works 100% of the time. I think it is very likely that something in 2.5.7 is causing this problem.

@nobody There are 2 points that I found weird: 1. The "block non-existent resources" option is **not enabled** (in 2.5.6 and 2.5.7), and the form can be filled out in an older version of LocalCDN. 2. Even if I disable `docs.google.com` in options, the form cannot be filled out. I can see many CORS errors in the console. (e.g. `https://www.gstatic.com/_/freebird/_/js/k=freebird.v.nl.iKAWpA_Xyb4.O/d=0/ct=zgms/rs=AMjVe6he9ChkuhDy2kUho8XDCi3FtH9LmA/m=sy6,sy7,syc,sy8,sy9,sy25,sy27,J8mJTc` cannot be loaded) As mentioned by @unbeatable-101, LocalCDN 2.5.7 must be completely disabled in about:addons to make the form work. (My adblocker is in Easy Mode so rule generator is not applicable.) Once downgraded to 2.5.6, the form works 100% of the time. I think it is very likely that something in 2.5.7 is causing this problem.
nobody commented 2 weeks ago
Poster
Owner

Thanks, but we are talking about 2 problems.

  1. open the popup/panel of LocalCDN (video of @unbeatable-101)
  2. filling out the form

  1. I cannot reproduce this problem (Windows 10, Debian 10, Xubuntu 20.04)
  2. As a comparison I included Decentraleyes as a temporary extension in a new Firefox profile and added these lines into mappings.js. Result: The form cannot be filled out there, too. So it is definitely caused by listening to the domain www.gstatic.com. The curious thing is that nothing is blocked and LocalCDN and Decentraleyes return the correct object for each request (cancel: false)

It looks like it's a Firefox bug (in webRequest.onBeforeRequest) or the website is doing something with JavaScript that prevents something to work correctly. 🤔

Thanks, but we are talking about 2 problems. 1. open the popup/panel of LocalCDN (video of @unbeatable-101) 2. filling out the form --- 1. I cannot reproduce this problem (Windows 10, Debian 10, Xubuntu 20.04) 2. As a comparison I included Decentraleyes as a temporary extension in a new Firefox profile and [added these lines](https://codeberg.org/nobody/LocalCDN/src/branch/develop/core/mappings.js#L889-L893) into mappings.js. **Result:** The form cannot be filled out there, too. So it is definitely caused by listening to the domain `www.gstatic.com`. The curious thing is that nothing is blocked and LocalCDN and Decentraleyes return the correct object for each request (`cancel: false`) It looks like it's a Firefox bug (in [webRequest.onBeforeRequest](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest/onBeforeRequest)) or the website is doing something with JavaScript that prevents something to work correctly. 🤔
Poster

we are talking about 2 problems.

Oh, you are right.

Popup/panel issue

I cannot reproduce this problem too. (Linux, Firefox Nightly)

Filling out the form

It looks like it’s a Firefox bug

Unfortunately the Chrome / Chromium port of LocalCDN is still 2.5.6. When it is updated to 2.5.7, if the form works in Chromium but not Firefox, then maybe it is indeed a Firefox bug.

> we are talking about 2 problems. Oh, you are right. ##### Popup/panel issue I cannot reproduce this problem too. (Linux, Firefox Nightly) ##### Filling out the form > It looks like it’s a Firefox bug Unfortunately the Chrome / Chromium port of LocalCDN is still 2.5.6. When it is updated to 2.5.7, if the form works in Chromium but not Firefox, then maybe it is indeed a Firefox bug.
nobody commented 2 weeks ago
Poster
Owner

if the form works in Chromium but not Firefox, then maybe it is indeed a Firefox bug

Thanks, very good point! I have already forgotten the chromium! 😄 The Chromium Browser also has a developer mode for temporary extensions, see here.

Result: There the form works for me. So this is really a Firefox bug.

> if the form works in Chromium but not Firefox, then maybe it is indeed a Firefox bug Thanks, very good point! I have already forgotten the chromium! :smile: The Chromium Browser also has a developer mode for temporary extensions, see [here](https://gitlab.com/nobody42/localcdn/-/wikis/Install-on-Chromium-based-browsers). Result: There the form works for me. So this is really a Firefox bug.
Poster

Is Mozilla Bug 1552715 related?
(But it is about data:text/html ......)

By the way, since it is a Firefox bug, how would you workaround it?
Google Forms is accessed by many users and breaking this website's functionality is not ideal. How about temporarily not listening to www.gstatic.com?

Is [Mozilla Bug 1552715](https://bugzilla.mozilla.org/show_bug.cgi?id=1552715) related? (But it is about data:text/html ......) By the way, since it is a Firefox bug, how would you workaround it? Google Forms is accessed by many users and breaking this website's functionality is not ideal. How about temporarily not listening to `www.gstatic.com`?
Poster

open the popup/panel of LocalCDN

Around 00:43 in the video? I had the pop-up there, it just didn't show in the video for some reason, I kept clicking it because the overlay of the windows gamebar screen recorder was in the way, it is not an issue.

@unbeatable-101: Can you give more information? Operating system, Firefox version and open the browser console (not web console)? [CTRL + Shift + J]

Windows 10 20H2, build 19042.630
Firefox beta, version 84.0b3

Here is the log with localCDN disabled from the popup:

Content Security Policy: Ignoring “'unsafe-inline'” within script-src: “strict-dynamic” specified
Content Security Policy: Ignoring “https:” within script-src: “strict-dynamic” specified
Content Security Policy: Ignoring “http:” within script-src: “strict-dynamic” specified
[ LocalCDN ] Replaced resource: resources/google-material-design-icons/google-material-design-icons.css request-analyzer.js:132:21
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.gstatic.com//freebird//js/k=freebird.v.en_GB.x0Pqdx8P-QE.O/d=0/ct=zgms/rs=AMjVe6j1FF2vFuOQp-I7CdDSxQzRj0Qjug/m=NpD4ec,ws9Tlc,sy0,syz,sy10,sy1,sy11,sy48,sy2b,sy4b,V3dDOb,sy1n,gkf10d,j2YlP,sy6,sy7,syc,sy8,sy9,sy25,sy27,OShpD,De38hd,sy1c,Sk9apb,J8mJTc,UUJqVe,sy12,eFy6Rc,sy2,CP1oW,syu,sy29,sy45,KornIe,sym,syk,sy1h,sy2j,syg,sy2k,sy1w,sy3e,pxq3x,syx,sy1v,O6y8ed,sy3k,sy3f,sy3l,syd,sy3g,sy3m,Xhpexc,Q91hve,sya,syb,sy20,sy3,sy21,sy23,sy24,mRfQQ,sy3b,sy3a,CFa0o,MpJwZc,Y9atKf,s39S4,wPRNsd,L1AAkb,sy4x,KUM7Z,QvB8bb,bCfhJc,sy39,syi,u9ZRK,pItcJd,yZuGp,aW3pY,YLQSd,sy2a,sy2d,sy4d,I6YDgd,sy2r,sy2s,sy4y,sy2u,sy2v,sy35,uiNkee,sy2q,sy36,sy37,sy38,sy49,sy4c,sy5a,sy5b,fgj8Rb,sy50,sy51,xQtZb,IvDHfc,p2tbsc,d8PXFf,atgb9d,sy14,sy15,sy16,sy17,sy18,LxALBf,rHjpXd,sy4z,SM1lmd,QwQO1b,WdhPgc,JCrucd,ok0nye,sy2o,sy2l,sy2m,sy2p,sy2t,sy2c,sy2g,sy22,sy3h,sy3i,sy1x,sy2z,sy3c,sy3j,sy3p,sy2e,sy2f,sy2h,sy2i,sy2n,sy3o,OqIW

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.gstatic.com//freebird//js/k=freebird.v.en_GB.x0Pqdx8P-QE.O/d=0/ct=zgms/rs=AMjVe6j1FF2vFuOQp-I7CdDSxQzRj0Qjug/m=NpD4ec,ws9Tlc,sy0,syz,sy10,sy1,sy11,sy48,sy2b,sy4b,V3dDOb,sy1n,gkf10d,j2YlP,sy6,sy7,syc,sy8,sy9,sy25,sy27,OShpD,De38hd,sy1c,Sk9apb,J8mJTc,UUJqVe,sy12,eFy6Rc,sy2,CP1oW,syu,sy29,sy45,KornIe,sym,syk,sy1h,sy2j,syg,sy2k,sy1w,sy3e,pxq3x,syx,sy1v,O6y8ed,sy3k,sy3f,sy3l,syd,sy3g,sy3m,Xhpexc,Q91hve,sya,syb,sy20,sy3,sy21,sy23,sy24,mRfQQ,sy3b,sy3a,CFa0o,MpJwZc,Y9atKf,s39S4,wPRNsd,L1AAkb,sy4x,KUM7Z,QvB8bb,bCfhJc,sy39,syi,u9ZRK,pItcJd,yZuGp,aW3pY,YLQSd,sy2a,sy2d,sy4d,I6YDgd,sy2r,sy2s,sy4y,sy2u,sy2v,sy35,uiNkee,sy2q,sy36,sy37,sy38,sy49,sy4c,sy5a,sy5b,fgj8Rb,sy50,sy51,xQtZb,IvDHfc,p2tbsc,d8PXFf,atgb9d,sy14,sy15,sy16,sy17,sy18,LxALBf,rHjpXd,sy4z,SM1lmd,QwQO1b,WdhPgc,JCrucd,ok0nye,sy2o,sy2l,sy2m,sy2p,sy2t,sy2c,sy2g,sy22,sy3h,sy3i,sy1x,sy2z,sy3c,sy3j,sy3p,sy2e,sy2f,sy2h,sy2i,sy2n,sy3o,OqIW

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.gstatic.com//freebird//js/k=freebird.v.en_GB.x0Pqdx8P-QE.O/d=0/ct=zgms/rs=AMjVe6j1FF2vFuOQp-I7CdDSxQzRj0Qjug/m=NpD4ec,ws9Tlc,sy0,syz,sy10,sy1,sy11,sy48,sy2b,sy4b,V3dDOb,sy1n,gkf10d,j2YlP,sy6,sy7,syc,sy8,sy9,sy25,sy27,OShpD,De38hd,sy1c,Sk9apb,J8mJTc,UUJqVe,sy12,eFy6Rc,sy2,CP1oW,syu,sy29,sy45,KornIe,sym,syk,sy1h,sy2j,syg,sy2k,sy1w,sy3e,pxq3x,syx,sy1v,O6y8ed,sy3k,sy3f,sy3l,syd,sy3g,sy3m,Xhpexc,Q91hve,sya,syb,sy20,sy3,sy21,sy23,sy24,mRfQQ,sy3b,sy3a,CFa0o,MpJwZc,Y9atKf,s39S4,wPRNsd,L1AAkb,sy4x,KUM7Z,QvB8bb,bCfhJc,sy39,syi,u9ZRK,pItcJd,yZuGp,aW3pY,YLQSd,sy2a,sy2d,sy4d,I6YDgd,sy2r,sy2s,sy4y,sy2u,sy2v,sy35,uiNkee,sy2q,sy36,sy37,sy38,sy49,sy4c,sy5a,sy5b,fgj8Rb,sy50,sy51,xQtZb,IvDHfc,p2tbsc,d8PXFf,atgb9d,sy14,sy15,sy16,sy17,sy18,LxALBf,rHjpXd,sy4z,SM1lmd,QwQO1b,WdhPgc,JCrucd,ok0nye,sy2o,sy2l,sy2m,sy2p,sy2t,sy2c,sy2g,sy22,sy3h,sy3i,sy1x,sy2z,sy3c,sy3j,sy3p,sy2e,sy2f,sy2h,sy2i,sy2n,sy3o,OqIW
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.gstatic.com//freebird//js/k=freebird.v.en_GB.x0Pqdx8P-QE.O/d=0/ct=zgms/rs=AMjVe6j1FF2vFuOQp-I7CdDSxQzRj0Qjug/m=NpD4ec,ws9Tlc. (Reason: CORS header “Access-Control-Allow-Origin” missing).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.gstatic.com//freebird//js/k=freebird.v.en_GB.x0Pqdx8P-QE.O/d=0/ct=zgms/rs=AMjVe6j1FF2vFuOQp-I7CdDSxQzRj0Qjug/m=NpD4ec,ws9Tlc. (Reason: CORS header “Access-Control-Allow-Origin” missing).

Here is the log with localCDN enabled from the popup:

Content Security Policy: Ignoring “'unsafe-inline'” within script-src: “strict-dynamic” specified
Content Security Policy: Ignoring “https:” within script-src: “strict-dynamic” specified
Content Security Policy: Ignoring “http:” within script-src: “strict-dynamic” specified
[ LocalCDN ] Replaced resource: resources/google-material-design-icons/google-material-design-icons.css request-analyzer.js:132:21
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.gstatic.com//freebird//js/k=freebird.v.en_GB.x0Pqdx8P-QE.O/d=0/ct=zgms/rs=AMjVe6j1FF2vFuOQp-I7CdDSxQzRj0Qjug/m=NpD4ec,ws9Tlc,sy0,syz,sy10,sy1,sy11,sy48,sy2b,sy4b,V3dDOb,sy1n,gkf10d,j2YlP,sy6,sy7,syc,sy8,sy9,sy25,sy27,OShpD,De38hd,sy1c,Sk9apb,J8mJTc,UUJqVe,sy12,eFy6Rc,sy2,CP1oW,syu,sy29,sy45,KornIe,sym,syk,sy1h,sy2j,syg,sy2k,sy1w,sy3e,pxq3x,syx,sy1v,O6y8ed,sy3k,sy3f,sy3l,syd,sy3g,sy3m,Xhpexc,Q91hve,sya,syb,sy20,sy3,sy21,sy23,sy24,mRfQQ,sy3b,sy3a,CFa0o,MpJwZc,Y9atKf,s39S4,wPRNsd,L1AAkb,sy4x,KUM7Z,QvB8bb,bCfhJc,sy39,syi,u9ZRK,pItcJd,yZuGp,aW3pY,YLQSd,sy2a,sy2d,sy4d,I6YDgd,sy2r,sy2s,sy4y,sy2u,sy2v,sy35,uiNkee,sy2q,sy36,sy37,sy38,sy49,sy4c,sy5a,sy5b,fgj8Rb,sy50,sy51,xQtZb,IvDHfc,p2tbsc,d8PXFf,atgb9d,sy14,sy15,sy16,sy17,sy18,LxALBf,rHjpXd,sy4z,SM1lmd,QwQO1b,WdhPgc,JCrucd,ok0nye,sy2o,sy2l,sy2m,sy2p,sy2t,sy2c,sy2g,sy22,sy3h,sy3i,sy1x,sy2z,sy3c,sy3j,sy3p,sy2e,sy2f,sy2h,sy2i,sy2n,sy3o,OqIW

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.gstatic.com//freebird//js/k=freebird.v.en_GB.x0Pqdx8P-QE.O/d=0/ct=zgms/rs=AMjVe6j1FF2vFuOQp-I7CdDSxQzRj0Qjug/m=NpD4ec,ws9Tlc,sy0,syz,sy10,sy1,sy11,sy48,sy2b,sy4b,V3dDOb,sy1n,gkf10d,j2YlP,sy6,sy7,syc,sy8,sy9,sy25,sy27,OShpD,De38hd,sy1c,Sk9apb,J8mJTc,UUJqVe,sy12,eFy6Rc,sy2,CP1oW,syu,sy29,sy45,KornIe,sym,syk,sy1h,sy2j,syg,sy2k,sy1w,sy3e,pxq3x,syx,sy1v,O6y8ed,sy3k,sy3f,sy3l,syd,sy3g,sy3m,Xhpexc,Q91hve,sya,syb,sy20,sy3,sy21,sy23,sy24,mRfQQ,sy3b,sy3a,CFa0o,MpJwZc,Y9atKf,s39S4,wPRNsd,L1AAkb,sy4x,KUM7Z,QvB8bb,bCfhJc,sy39,syi,u9ZRK,pItcJd,yZuGp,aW3pY,YLQSd,sy2a,sy2d,sy4d,I6YDgd,sy2r,sy2s,sy4y,sy2u,sy2v,sy35,uiNkee,sy2q,sy36,sy37,sy38,sy49,sy4c,sy5a,sy5b,fgj8Rb,sy50,sy51,xQtZb,IvDHfc,p2tbsc,d8PXFf,atgb9d,sy14,sy15,sy16,sy17,sy18,LxALBf,rHjpXd,sy4z,SM1lmd,QwQO1b,WdhPgc,JCrucd,ok0nye,sy2o,sy2l,sy2m,sy2p,sy2t,sy2c,sy2g,sy22,sy3h,sy3i,sy1x,sy2z,sy3c,sy3j,sy3p,sy2e,sy2f,sy2h,sy2i,sy2n,sy3o,OqIW

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.gstatic.com//freebird//js/k=freebird.v.en_GB.x0Pqdx8P-QE.O/d=0/ct=zgms/rs=AMjVe6j1FF2vFuOQp-I7CdDSxQzRj0Qjug/m=NpD4ec,ws9Tlc,sy0,syz,sy10,sy1,sy11,sy48,sy2b,sy4b,V3dDOb,sy1n,gkf10d,j2YlP,sy6,sy7,syc,sy8,sy9,sy25,sy27,OShpD,De38hd,sy1c,Sk9apb,J8mJTc,UUJqVe,sy12,eFy6Rc,sy2,CP1oW,syu,sy29,sy45,KornIe,sym,syk,sy1h,sy2j,syg,sy2k,sy1w,sy3e,pxq3x,syx,sy1v,O6y8ed,sy3k,sy3f,sy3l,syd,sy3g,sy3m,Xhpexc,Q91hve,sya,syb,sy20,sy3,sy21,sy23,sy24,mRfQQ,sy3b,sy3a,CFa0o,MpJwZc,Y9atKf,s39S4,wPRNsd,L1AAkb,sy4x,KUM7Z,QvB8bb,bCfhJc,sy39,syi,u9ZRK,pItcJd,yZuGp,aW3pY,YLQSd,sy2a,sy2d,sy4d,I6YDgd,sy2r,sy2s,sy4y,sy2u,sy2v,sy35,uiNkee,sy2q,sy36,sy37,sy38,sy49,sy4c,sy5a,sy5b,fgj8Rb,sy50,sy51,xQtZb,IvDHfc,p2tbsc,d8PXFf,atgb9d,sy14,sy15,sy16,sy17,sy18,LxALBf,rHjpXd,sy4z,SM1lmd,QwQO1b,WdhPgc,JCrucd,ok0nye,sy2o,sy2l,sy2m,sy2p,sy2t,sy2c,sy2g,sy22,sy3h,sy3i,sy1x,sy2z,sy3c,sy3j,sy3p,sy2e,sy2f,sy2h,sy2i,sy2n,sy3o,OqIW
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.gstatic.com//freebird//js/k=freebird.v.en_GB.x0Pqdx8P-QE.O/d=0/ct=zgms/rs=AMjVe6j1FF2vFuOQp-I7CdDSxQzRj0Qjug/m=NpD4ec,ws9Tlc. (Reason: CORS header “Access-Control-Allow-Origin” missing).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.gstatic.com//freebird//js/k=freebird.v.en_GB.x0Pqdx8P-QE.O/d=0/ct=zgms/rs=AMjVe6j1FF2vFuOQp-I7CdDSxQzRj0Qjug/m=NpD4ec,ws9Tlc. (Reason: CORS header “Access-Control-Allow-Origin” missing).

This was on a profile that only had default settings and localCDN installed

> open the popup/panel of LocalCDN Around 00:43 in the video? I had the pop-up there, it just didn't show in the video for some reason, I kept clicking it because the overlay of the windows gamebar screen recorder was in the way, it is not an issue. > @unbeatable-101: Can you give more information? Operating system, Firefox version and open the browser console (not web console)? [CTRL + Shift + J] Windows 10 20H2, build 19042.630 Firefox beta, version 84.0b3 Here is the log with localCDN disabled from the popup: > Content Security Policy: Ignoring “'unsafe-inline'” within script-src: “strict-dynamic” specified Content Security Policy: Ignoring “https:” within script-src: “strict-dynamic” specified Content Security Policy: Ignoring “http:” within script-src: “strict-dynamic” specified [ LocalCDN ] Replaced resource: resources/google-material-design-icons/google-material-design-icons.css request-analyzer.js:132:21 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.gstatic.com/_/freebird/_/js/k=freebird.v.en_GB.x0Pqdx8P-QE.O/d=0/ct=zgms/rs=AMjVe6j1FF2vFuOQp-I7CdDSxQzRj0Qjug/m=NpD4ec,ws9Tlc,sy0,syz,sy10,sy1,sy11,sy48,sy2b,sy4b,V3dDOb,sy1n,gkf10d,j2YlP,sy6,sy7,syc,sy8,sy9,sy25,sy27,OShpD,De38hd,sy1c,Sk9apb,J8mJTc,UUJqVe,sy12,eFy6Rc,sy2,CP1oW,syu,sy29,sy45,KornIe,sym,syk,sy1h,sy2j,syg,sy2k,sy1w,sy3e,pxq3x,syx,sy1v,O6y8ed,sy3k,sy3f,sy3l,syd,sy3g,sy3m,Xhpexc,Q91hve,sya,syb,sy20,sy3,sy21,sy23,sy24,mRfQQ,sy3b,sy3a,CFa0o,MpJwZc,Y9atKf,s39S4,wPRNsd,L1AAkb,sy4x,KUM7Z,QvB8bb,bCfhJc,sy39,syi,u9ZRK,pItcJd,yZuGp,aW3pY,YLQSd,sy2a,sy2d,sy4d,I6YDgd,sy2r,sy2s,sy4y,sy2u,sy2v,sy35,uiNkee,sy2q,sy36,sy37,sy38,sy49,sy4c,sy5a,sy5b,fgj8Rb,sy50,sy51,xQtZb,IvDHfc,p2tbsc,d8PXFf,atgb9d,sy14,sy15,sy16,sy17,sy18,LxALBf,rHjpXd,sy4z,SM1lmd,QwQO1b,WdhPgc,JCrucd,ok0nye,sy2o,sy2l,sy2m,sy2p,sy2t,sy2c,sy2g,sy22,sy3h,sy3i,sy1x,sy2z,sy3c,sy3j,sy3p,sy2e,sy2f,sy2h,sy2i,sy2n,sy3o,OqIW > Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.gstatic.com/_/freebird/_/js/k=freebird.v.en_GB.x0Pqdx8P-QE.O/d=0/ct=zgms/rs=AMjVe6j1FF2vFuOQp-I7CdDSxQzRj0Qjug/m=NpD4ec,ws9Tlc,sy0,syz,sy10,sy1,sy11,sy48,sy2b,sy4b,V3dDOb,sy1n,gkf10d,j2YlP,sy6,sy7,syc,sy8,sy9,sy25,sy27,OShpD,De38hd,sy1c,Sk9apb,J8mJTc,UUJqVe,sy12,eFy6Rc,sy2,CP1oW,syu,sy29,sy45,KornIe,sym,syk,sy1h,sy2j,syg,sy2k,sy1w,sy3e,pxq3x,syx,sy1v,O6y8ed,sy3k,sy3f,sy3l,syd,sy3g,sy3m,Xhpexc,Q91hve,sya,syb,sy20,sy3,sy21,sy23,sy24,mRfQQ,sy3b,sy3a,CFa0o,MpJwZc,Y9atKf,s39S4,wPRNsd,L1AAkb,sy4x,KUM7Z,QvB8bb,bCfhJc,sy39,syi,u9ZRK,pItcJd,yZuGp,aW3pY,YLQSd,sy2a,sy2d,sy4d,I6YDgd,sy2r,sy2s,sy4y,sy2u,sy2v,sy35,uiNkee,sy2q,sy36,sy37,sy38,sy49,sy4c,sy5a,sy5b,fgj8Rb,sy50,sy51,xQtZb,IvDHfc,p2tbsc,d8PXFf,atgb9d,sy14,sy15,sy16,sy17,sy18,LxALBf,rHjpXd,sy4z,SM1lmd,QwQO1b,WdhPgc,JCrucd,ok0nye,sy2o,sy2l,sy2m,sy2p,sy2t,sy2c,sy2g,sy22,sy3h,sy3i,sy1x,sy2z,sy3c,sy3j,sy3p,sy2e,sy2f,sy2h,sy2i,sy2n,sy3o,OqIW > Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.gstatic.com/_/freebird/_/js/k=freebird.v.en_GB.x0Pqdx8P-QE.O/d=0/ct=zgms/rs=AMjVe6j1FF2vFuOQp-I7CdDSxQzRj0Qjug/m=NpD4ec,ws9Tlc,sy0,syz,sy10,sy1,sy11,sy48,sy2b,sy4b,V3dDOb,sy1n,gkf10d,j2YlP,sy6,sy7,syc,sy8,sy9,sy25,sy27,OShpD,De38hd,sy1c,Sk9apb,J8mJTc,UUJqVe,sy12,eFy6Rc,sy2,CP1oW,syu,sy29,sy45,KornIe,sym,syk,sy1h,sy2j,syg,sy2k,sy1w,sy3e,pxq3x,syx,sy1v,O6y8ed,sy3k,sy3f,sy3l,syd,sy3g,sy3m,Xhpexc,Q91hve,sya,syb,sy20,sy3,sy21,sy23,sy24,mRfQQ,sy3b,sy3a,CFa0o,MpJwZc,Y9atKf,s39S4,wPRNsd,L1AAkb,sy4x,KUM7Z,QvB8bb,bCfhJc,sy39,syi,u9ZRK,pItcJd,yZuGp,aW3pY,YLQSd,sy2a,sy2d,sy4d,I6YDgd,sy2r,sy2s,sy4y,sy2u,sy2v,sy35,uiNkee,sy2q,sy36,sy37,sy38,sy49,sy4c,sy5a,sy5b,fgj8Rb,sy50,sy51,xQtZb,IvDHfc,p2tbsc,d8PXFf,atgb9d,sy14,sy15,sy16,sy17,sy18,LxALBf,rHjpXd,sy4z,SM1lmd,QwQO1b,WdhPgc,JCrucd,ok0nye,sy2o,sy2l,sy2m,sy2p,sy2t,sy2c,sy2g,sy22,sy3h,sy3i,sy1x,sy2z,sy3c,sy3j,sy3p,sy2e,sy2f,sy2h,sy2i,sy2n,sy3o,OqIW Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.gstatic.com/_/freebird/_/js/k=freebird.v.en_GB.x0Pqdx8P-QE.O/d=0/ct=zgms/rs=AMjVe6j1FF2vFuOQp-I7CdDSxQzRj0Qjug/m=NpD4ec,ws9Tlc. (Reason: CORS header “Access-Control-Allow-Origin” missing). Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.gstatic.com/_/freebird/_/js/k=freebird.v.en_GB.x0Pqdx8P-QE.O/d=0/ct=zgms/rs=AMjVe6j1FF2vFuOQp-I7CdDSxQzRj0Qjug/m=NpD4ec,ws9Tlc. (Reason: CORS header “Access-Control-Allow-Origin” missing). Here is the log with localCDN enabled from the popup: > Content Security Policy: Ignoring “'unsafe-inline'” within script-src: “strict-dynamic” specified Content Security Policy: Ignoring “https:” within script-src: “strict-dynamic” specified Content Security Policy: Ignoring “http:” within script-src: “strict-dynamic” specified [ LocalCDN ] Replaced resource: resources/google-material-design-icons/google-material-design-icons.css request-analyzer.js:132:21 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.gstatic.com/_/freebird/_/js/k=freebird.v.en_GB.x0Pqdx8P-QE.O/d=0/ct=zgms/rs=AMjVe6j1FF2vFuOQp-I7CdDSxQzRj0Qjug/m=NpD4ec,ws9Tlc,sy0,syz,sy10,sy1,sy11,sy48,sy2b,sy4b,V3dDOb,sy1n,gkf10d,j2YlP,sy6,sy7,syc,sy8,sy9,sy25,sy27,OShpD,De38hd,sy1c,Sk9apb,J8mJTc,UUJqVe,sy12,eFy6Rc,sy2,CP1oW,syu,sy29,sy45,KornIe,sym,syk,sy1h,sy2j,syg,sy2k,sy1w,sy3e,pxq3x,syx,sy1v,O6y8ed,sy3k,sy3f,sy3l,syd,sy3g,sy3m,Xhpexc,Q91hve,sya,syb,sy20,sy3,sy21,sy23,sy24,mRfQQ,sy3b,sy3a,CFa0o,MpJwZc,Y9atKf,s39S4,wPRNsd,L1AAkb,sy4x,KUM7Z,QvB8bb,bCfhJc,sy39,syi,u9ZRK,pItcJd,yZuGp,aW3pY,YLQSd,sy2a,sy2d,sy4d,I6YDgd,sy2r,sy2s,sy4y,sy2u,sy2v,sy35,uiNkee,sy2q,sy36,sy37,sy38,sy49,sy4c,sy5a,sy5b,fgj8Rb,sy50,sy51,xQtZb,IvDHfc,p2tbsc,d8PXFf,atgb9d,sy14,sy15,sy16,sy17,sy18,LxALBf,rHjpXd,sy4z,SM1lmd,QwQO1b,WdhPgc,JCrucd,ok0nye,sy2o,sy2l,sy2m,sy2p,sy2t,sy2c,sy2g,sy22,sy3h,sy3i,sy1x,sy2z,sy3c,sy3j,sy3p,sy2e,sy2f,sy2h,sy2i,sy2n,sy3o,OqIW > Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.gstatic.com/_/freebird/_/js/k=freebird.v.en_GB.x0Pqdx8P-QE.O/d=0/ct=zgms/rs=AMjVe6j1FF2vFuOQp-I7CdDSxQzRj0Qjug/m=NpD4ec,ws9Tlc,sy0,syz,sy10,sy1,sy11,sy48,sy2b,sy4b,V3dDOb,sy1n,gkf10d,j2YlP,sy6,sy7,syc,sy8,sy9,sy25,sy27,OShpD,De38hd,sy1c,Sk9apb,J8mJTc,UUJqVe,sy12,eFy6Rc,sy2,CP1oW,syu,sy29,sy45,KornIe,sym,syk,sy1h,sy2j,syg,sy2k,sy1w,sy3e,pxq3x,syx,sy1v,O6y8ed,sy3k,sy3f,sy3l,syd,sy3g,sy3m,Xhpexc,Q91hve,sya,syb,sy20,sy3,sy21,sy23,sy24,mRfQQ,sy3b,sy3a,CFa0o,MpJwZc,Y9atKf,s39S4,wPRNsd,L1AAkb,sy4x,KUM7Z,QvB8bb,bCfhJc,sy39,syi,u9ZRK,pItcJd,yZuGp,aW3pY,YLQSd,sy2a,sy2d,sy4d,I6YDgd,sy2r,sy2s,sy4y,sy2u,sy2v,sy35,uiNkee,sy2q,sy36,sy37,sy38,sy49,sy4c,sy5a,sy5b,fgj8Rb,sy50,sy51,xQtZb,IvDHfc,p2tbsc,d8PXFf,atgb9d,sy14,sy15,sy16,sy17,sy18,LxALBf,rHjpXd,sy4z,SM1lmd,QwQO1b,WdhPgc,JCrucd,ok0nye,sy2o,sy2l,sy2m,sy2p,sy2t,sy2c,sy2g,sy22,sy3h,sy3i,sy1x,sy2z,sy3c,sy3j,sy3p,sy2e,sy2f,sy2h,sy2i,sy2n,sy3o,OqIW > Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.gstatic.com/_/freebird/_/js/k=freebird.v.en_GB.x0Pqdx8P-QE.O/d=0/ct=zgms/rs=AMjVe6j1FF2vFuOQp-I7CdDSxQzRj0Qjug/m=NpD4ec,ws9Tlc,sy0,syz,sy10,sy1,sy11,sy48,sy2b,sy4b,V3dDOb,sy1n,gkf10d,j2YlP,sy6,sy7,syc,sy8,sy9,sy25,sy27,OShpD,De38hd,sy1c,Sk9apb,J8mJTc,UUJqVe,sy12,eFy6Rc,sy2,CP1oW,syu,sy29,sy45,KornIe,sym,syk,sy1h,sy2j,syg,sy2k,sy1w,sy3e,pxq3x,syx,sy1v,O6y8ed,sy3k,sy3f,sy3l,syd,sy3g,sy3m,Xhpexc,Q91hve,sya,syb,sy20,sy3,sy21,sy23,sy24,mRfQQ,sy3b,sy3a,CFa0o,MpJwZc,Y9atKf,s39S4,wPRNsd,L1AAkb,sy4x,KUM7Z,QvB8bb,bCfhJc,sy39,syi,u9ZRK,pItcJd,yZuGp,aW3pY,YLQSd,sy2a,sy2d,sy4d,I6YDgd,sy2r,sy2s,sy4y,sy2u,sy2v,sy35,uiNkee,sy2q,sy36,sy37,sy38,sy49,sy4c,sy5a,sy5b,fgj8Rb,sy50,sy51,xQtZb,IvDHfc,p2tbsc,d8PXFf,atgb9d,sy14,sy15,sy16,sy17,sy18,LxALBf,rHjpXd,sy4z,SM1lmd,QwQO1b,WdhPgc,JCrucd,ok0nye,sy2o,sy2l,sy2m,sy2p,sy2t,sy2c,sy2g,sy22,sy3h,sy3i,sy1x,sy2z,sy3c,sy3j,sy3p,sy2e,sy2f,sy2h,sy2i,sy2n,sy3o,OqIW Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.gstatic.com/_/freebird/_/js/k=freebird.v.en_GB.x0Pqdx8P-QE.O/d=0/ct=zgms/rs=AMjVe6j1FF2vFuOQp-I7CdDSxQzRj0Qjug/m=NpD4ec,ws9Tlc. (Reason: CORS header “Access-Control-Allow-Origin” missing). Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.gstatic.com/_/freebird/_/js/k=freebird.v.en_GB.x0Pqdx8P-QE.O/d=0/ct=zgms/rs=AMjVe6j1FF2vFuOQp-I7CdDSxQzRj0Qjug/m=NpD4ec,ws9Tlc. (Reason: CORS header “Access-Control-Allow-Origin” missing). This was on a profile that only had default settings and localCDN installed
nobody commented 2 weeks ago
Poster
Owner

Thanks to you both for the information. I've just had a closer look at it and I can already tell you: It's not a bug of LocalCDN or Firefox 😉

If the option Strip metadata from allowed requests is activated, the following information is removed from the request:

Referer: https://docs.google.com/
Origin: https://docs.google.com

Google has specified that this script can only be included from docs.google.com. If this information (Origin) is missing, it won't be loaded/executed and you are not able to fill out the form.

how would you workaround it?

Maybe later. At the moment it's the first time something like this has happened. Also at Decentraleyes I can't find a related issue. If I was forced to use Google Forms, I would switch to the privacy mode of Firefox. (If LocalCDN is deactivated there)


Around 00:43 in the video? I had the pop-up there, it just didn’t show in the video for some reason, I kept clicking it because the overlay of the windows gamebar screen recorder was in the way, it is not an issue.

😂 🙈 Okay, thanks for the clarification 👍 👍

Thanks to you both for the information. I've just had a closer look at it and I can already tell you: It's not a bug of LocalCDN or Firefox :wink: If the option `Strip metadata from allowed requests` is activated, the following information is removed from the request: ``` Referer: https://docs.google.com/ Origin: https://docs.google.com ``` Google has specified that this script can only be included from `docs.google.com`. If this information (`Origin`) is missing, it won't be loaded/executed and you are not able to fill out the form. > how would you workaround it? Maybe later. At the moment it's the first time something like this has happened. Also at Decentraleyes I can't find a related issue. If I was forced to use Google Forms, I would switch to the privacy mode of Firefox. (If LocalCDN is deactivated there) --- > Around 00:43 in the video? I had the pop-up there, it just didn’t show in the video for some reason, I kept clicking it because the overlay of the windows gamebar screen recorder was in the way, it is not an issue. :joy: :see_no_evil: Okay, thanks for the clarification 👍 👍
Poster

If this issue affects more websites in the future, would you consider adding a way to make exeptions to Strip metadata from allowed requests? For now I'll just use private mode, Thank you for your help!

If this issue affects more websites in the future, would you consider adding a way to make exeptions to `Strip metadata from allowed requests`? For now I'll just use private mode, Thank you for your help!
nobody commented 2 weeks ago
Poster
Owner

Yes, but I will still think about it in the next days 😉

Yes, but I will still think about it in the next days 😉
Poster

Google has specified that this script can only be included from docs.google.com.

What are the steps in Firefox to check whether a script can only be included from a specific domain?

> Google has specified that this script can only be included from `docs.google.com`. What are the steps in Firefox to check whether a script can only be included from a specific domain?
Poster

By the way, is strip metadata from allowed requests compatible with Chromium?

If LocalCDN 2.5.7 with strip metadata from allowed requests enabled on Chromium lets you use Google Forms, doesn't that mean Referer and Origin are not stripped in Chromium?

By the way, is `strip metadata from allowed requests` compatible with Chromium? If LocalCDN 2.5.7 with `strip metadata from allowed requests` enabled on Chromium lets you use Google Forms, doesn't that mean Referer and Origin are not stripped in Chromium?
Poster

The weirdest thing sbout this issue is it persists after disabling localCDN from the pop-up menu and I need to disable it in about:addons, everything else makes sense. Any idea why @nobody?

The weirdest thing sbout this issue is it persists after disabling localCDN from the pop-up menu and I need to disable it in about:addons, everything else makes sense. Any idea why @nobody?
nobody commented 1 week ago
Poster
Owner

@fyjzjj3yva:

What are the steps in Firefox to check whether a script can only be included from a specific domain?

This is determined by the web server with "Access-Control-Allow-Origin" (more info)

By the way, is strip metadata from allowed requests compatible with Chromium?

According to the documentation it should be supported. Why this does not work with chrome should be checked out in detail sometime.


@unbeatable-101:

Any idea why?

Yes, because strip metadata from allowed requests is independent of the status of LocalCDN (domain whitelisted or not). If activated, it's always applied to all CDNs. This was not a problem until now, because LocalCDN <2.5.7 (and Decentraleyes) only supported CDNs that are a real CDN. The problem is that www.gstatic.com is not only a CDN. They don't only include frameworks. Such mixes are crap.

@fyjzjj3yva: > What are the steps in Firefox to check whether a script can only be included from a specific domain? This is determined by the web server with "Access-Control-Allow-Origin" ([more info](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)) > By the way, is strip metadata from allowed requests compatible with Chromium? According to the [documentation](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest/onBeforeSendHeaders) it should be supported. Why this does not work with chrome should be checked out in detail sometime. --- @unbeatable-101: > Any idea why? Yes, because `strip metadata from allowed requests` is independent of the status of LocalCDN (domain whitelisted or not). If activated, it's always applied to all CDNs. This was not a problem until now, because LocalCDN <2.5.7 (and Decentraleyes) only supported CDNs that are a real CDN. The problem is that `www.gstatic.com` is not only a CDN. They don't only include frameworks. Such mixes are crap.
nobody added the
enhancement
label 1 week ago
nobody added this to the v2.5.8 milestone 1 week ago
nobody referenced this issue from a commit 1 week ago
nobody closed this issue 1 week ago
nobody modified the milestone from v2.5.8 to v2.5.9 1 week ago
Sign in to join this conversation.
No Milestone
No Assignees
3 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.