I'm using an userscript that plays a sound and sends some notifications to me, whenever something on a website does change according to my defintions.
Recently, a server-side change that fixed an unrelated XSS exploit prevent those two things as well, as cross site requests are being made:
Refused to connect to 'http://myhomepage.com/mysound.mp3' because it violates the following Content Security Policy directive: "connect-src 'self' https://websitetocheck.com".
What can I do to work around the new server-side restrictions to get back my little sound and notifier?
Any ideas or links would be highly appreciated!
GM_xmlhttpRequest
works cross domain and you may manually set HTTP headers. And also, you may embed the sound file as data URI in your script or use@resource
to require the sound file. Once you have the file content in your script, feed the data URI to<audio>
for palying.