Open kai3341 opened 1 year ago
We appreciate your report. I was able to reproduce the issue. The console shows the warnings and some additional errors.
Tested with:
Browser / Version: Firefox Release 114.0 (64-bit)/ Firefox Nightly 116.0a1 (2023-06-08) (64-bit) Operating System: Ubuntu 22.4 LTS x64
Notes:
Moving this to NeedsDiagnosis for further investigations.
[qa_23/2023]
The warnings I see are just Firefox ignoring some directives that are not yet fully supported by Firefox. @kai3341, is there anything actually broken on the site, or are you just concerned about the warnings? If you're concerned about the warnings but nothing is broken, it's relatively fair to say that you can ignore those. Firefox CSP Level 3 work is still ongoing, so this is fine.
@denschub It looks nothing is broken. Root of this issue was weird behavior of CSP warnings
I saw similar behavior in different product for a years ago, and there problems were because memory wasn't clear after previous usage. So, I was afraid in current case I see the symptom of uninitialized memory usage. That's why I created this issue
And other, for your information. I see some difference between Firefox and Chromium:
1) Chromium doesn't recognize data:
scheme. But both of them understand blob:
2) Chromium's SCP warnings are done much better
URL: https://flattyestate.net/xc/en/users/sign-up
Browser / Version: Firefox 113.0 Operating System: Linux Tested Another Browser: Yes Chrome
Problem type: Something else Description: Content Secutiry Policy: weird Steps to Reproduce: I see warnings about
script-src
section, BUT these settings I've add intostyle-src
sectionThere are NO settings
data:
,'unsafe-inline'
,https:
settings atscript-src
, they are atstyle-src
andconnect-src
Also I see warning about setting
http:
. OK, it WAS an error, I fixed it and right not I can't find the texthttp:
on the page. But after force page refresh I still see SCP warning. The most funny I see similar but not the same picture inPrivate Mode
But I don't see these warnings in Chromium.
Maybe I don't see something important, so it's my error. But on my experience this behavior happens when memory is not reinitialized correctly
View the screenshot
Browser Configuration
From webcompat.com with ❤️