sseaman
commented
2 years ago This does not seem related to Suqare's Swagger API specification so we are resolving this issue. Please reopen if this is still a concern.
Closed jabcreations closed 2 years ago
sseaman
commented
2 years ago This does not seem related to Suqare's Swagger API specification so we are resolving this issue. Please reopen if this is still a concern.
I was doing some last audits and discovered that numerous Gecko based browsers are failing some Content Security Policies.
Waterfox 56.2.2: Fail Palemoon 28.0 (Last major update release on August 16, 2018 to Gecko 56/Firefox 56) Firefox 52 ESR: Fail Firefox 57: Fail Firefox 58: Pass Firefox 61: Pass
Apparently Gecko 57 and older handle (or outright don't) Content-Security-Policy differently than Gecko 58+. Everyone using Palemoon or Waterfox is doing so because of Mozilla's outright anti-end user hostility over the past few years; the ability to control our browsing environment (our work environment) is more important than blindly copying Google. These browsers are all up to date.
The developer console returns several errors such as the following:
According to Can-I-Use Content Security Policy 1.0 is supported by Gecko 56 and Content Security Policy 2.0 supports everything except plugins. So this will likely be some sort of minor bug. I would try to offer more insight though I've actually avoided implementing this header in to my platform due to it's excessive complexity and lack of demand from my customer base at the moment. So this looks like it's entirely out of my hands. Could we please get a quick reproduction confirmation?
Besides an unrelated bug I just fixed it appears that my sandbox is able to still work, at least in Waterfox 56. There may be some unknown / non-verbal after effects caused from this bug.