search

webcompat / web-bugs

A place to report bugs on websites.
https://webcompat.com
Mozilla Public License 2.0
742 stars 65 forks source link

flattyestate.net - Warnings and errors are present in the console #123424

Open kai3341 opened 1 year ago

kai3341 commented 1 year ago

URL: https://flattyestate.net/xc/en/users/sign-up

Browser / Version: Firefox 113.0 Operating System: Linux Tested Another Browser: Yes Chrome

Problem type: Something else Description: Content Secutiry Policy: weird Steps to Reproduce: I see warnings about script-src section, BUT these settings I've add into style-src section

There are NO settings data:, 'unsafe-inline', https: settings at script-src, they are at style-src and connect-src

Also I see warning about setting http:. OK, it WAS an error, I fixed it and right not I can't find the text http: on the page. But after force page refresh I still see SCP warning. The most funny I see similar but not the same picture in Private Mode

But I don't see these warnings in Chromium.

Maybe I don't see something important, so it's my error. But on my experience this behavior happens when memory is not reinitialized correctly

View the screenshot Screenshot
Browser Configuration
  • None

From webcompat.com with ❤️

softvision-raul-bucata commented 1 year ago

We appreciate your report. I was able to reproduce the issue. The console shows the warnings and some additional errors.

Tested with:

Browser / Version: Firefox Release 114.0 (64-bit)/ Firefox Nightly 116.0a1 (2023-06-08) (64-bit) Operating System: Ubuntu 22.4 LTS x64

Notes:

  1. Reproducible regardless of the status of ETP.
  2. Reproducible on the latest build of Firefox Nightly and Release.
  3. Works as expected using Chrome (no errors/warnings shown).

Moving this to NeedsDiagnosis for further investigations.

[qa_23/2023]

denschub commented 1 year ago

The warnings I see are just Firefox ignoring some directives that are not yet fully supported by Firefox. @kai3341, is there anything actually broken on the site, or are you just concerned about the warnings? If you're concerned about the warnings but nothing is broken, it's relatively fair to say that you can ignore those. Firefox CSP Level 3 work is still ongoing, so this is fine.

kai3341 commented 1 year ago

@denschub It looks nothing is broken. Root of this issue was weird behavior of CSP warnings

I saw similar behavior in different product for a years ago, and there problems were because memory wasn't clear after previous usage. So, I was afraid in current case I see the symptom of uninitialized memory usage. That's why I created this issue

And other, for your information. I see some difference between Firefox and Chromium: 1) Chromium doesn't recognize data: scheme. But both of them understand blob: 2) Chromium's SCP warnings are done much better