Closed classilla closed 4 years ago
security.csp.experimentalEnabled
doesn't fix anything.
Content Security Policy: The page's settings blocked the loading of a resource at about:blank ("base-uri https://tim-bmc"). <unknown>
Content Security Policy: The page's settings blocked the loading of a resource at self ("default-src https://tim-bmc"). tim-bmc:1:0
Content Security Policy: The page's settings blocked the loading of a resource at self ("style-src https://tim-bmc"). tim-bmc:1:0
Content Security Policy: The page's settings blocked the loading of a resource at wss://tim-bmc/subscribe ("default-src https://tim-bmc"). <unknown>
There were two distinct issues: self
was not being handled properly for inline resources, and wss://
needed to be special-cased. This works now.
It seems to be the
self
issue.