DenisHdz
commented
4 years ago Blocked on fixing https://github.com/bbc/simorgh/issues/7214 so we can debug this locally and understand why these CSP erros just appear when the ads are on the page.
Closed sareh closed 4 years ago
DenisHdz
commented
4 years ago Blocked on fixing https://github.com/bbc/simorgh/issues/7214 so we can debug this locally and understand why these CSP erros just appear when the ads are on the page.
DenisHdz
commented
4 years ago In order to replicate this locally in Safari, we should set the upgrade-insecure-requests header to false as indicated in https://github.com/bbc/simorgh/issues/7214#issuecomment-660137486
mmcculloch
commented
4 years ago The "refused to load" errors shown have been fixed by another issue.
Safari doesn't support worker-src and report-src, these are supported by other browsers so we do not wish to remove them. We concluded that we should close this issue without change as this is likely a feature that will be added in future Safari versions.
Describe the bug When visiting a home page with ads on Test, in Safari, there are content security policy header errors.
To Reproduce Steps to reproduce the behaviour:
Use Safari
I only see the Safari error on front pages https://www.test.bbc.com/mundo not on other pages like most read https://www.test.bbc.com/mundo/popular/read or MAPs https://www.test.bbc.com/mundo/aprenda-ingles-23049220
This is unexpected, since the Content Security Policy Header is applied to all pages. The main difference is that we're loading adverts on home page.
When looking at the console for another home page without ads, e.g. https://www.test.bbc.com/afaanoromoo, there are no errors.
Expected behaviour No errors
Screenshots Screenshot of the mundo canonical home page in Safari - you can see the
Desktop (please complete the following information):
Smartphone (please complete the following information): (Not tested on iPhone Safari - would be good to test to see the usecase)
Testing notes
Additional context Add any other context about the problem here.