Open
Bug 1344497
Opened 7 years ago
Updated 7 years ago
Safari doesn't indicate html5 required form fields, leading to confusion / inability to "save changes"
Categories
(bugzilla.mozilla.org :: General, defect, P3)
Tracking
()
NEW
People
(Reporter: jwhitlock, Unassigned)
References
()
Details
When creating a bug, Safari 10.0.3 (desktop) reports: Failed to set referrer policy: The value 'origin-when-crossorigin' is not one of 'no-referrer', 'origin', 'no-referrer-when-downgrade', or 'unsafe-url'. Defaulting to 'no-referrer'. This may be the HTML that triggers it: <meta name="referrer" content="origin-when-crossorigin"><link rel="shortcut icon" href="extensions/BMO/web/images/favicon.ico"><meta name="robots" content="noarchive"> When viewing a bug (https://bugzilla.mozilla.org/show_bug.cgi?id=1344493), I get this error as well as: Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. Headers are: X-content-security-policy: default-src 'self'; child-src 'self' https://ashughes1.github.io/bugzilla-socorro-lens/chart.htm; connect-src 'self' https://brasstacks.mozilla.com/orangefactor/api/count https://reviewboard.mozilla.org/api/extensions/mozreview.extension.MozReviewExtension/summary/; img-src 'self' https://secure.gravatar.com https://bug1344493.bmoattachments.org/; object-src https://bugzilla.mozilla.org/extensions/BugModal/web/ZeroClipboard/ZeroClipboard.swf; script-src 'self' 'nonce-Io0exvPKZZFx31tZQ4Tr1K7efnfxtGTeyw53KRaajRzzYvgb' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; form-action 'self' https://www.google.com/search https://github.com/login/oauth/authorize https://github.com/login Content-security-policy: default-src 'self'; child-src 'self' https://ashughes1.github.io/bugzilla-socorro-lens/chart.htm; connect-src 'self' https://brasstacks.mozilla.com/orangefactor/api/count https://reviewboard.mozilla.org/api/extensions/mozreview.extension.MozReviewExtension/summary/; img-src 'self' https://secure.gravatar.com https://bug1344493.bmoattachments.org/; object-src https://bugzilla.mozilla.org/extensions/BugModal/web/ZeroClipboard/ZeroClipboard.swf; script-src 'self' 'nonce-Io0exvPKZZFx31tZQ4Tr1K7efnfxtGTeyw53KRaajRzzYvgb' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; form-action 'self' https://www.google.com/search https://github.com/login/oauth/authorize https://github.com/login It does not say which script had an issue, but I am unable to change the product and component from Mozilla Developer Network / Security to NSS / Tests. In Chrome 56.0.2924.87, I am able to set the product and component. The Tracking Version and Target are highlighted in red, to show that they must be changed as well. This may be the script that is unable to load.
Reporter | ||
Updated•7 years ago
|
Summary: Safari errors on CSP referrer policy, can't change product → Safari errors on CSP referrer, script nonce, can't change product
Comment 1•7 years ago
|
||
Both of those warnings are harmless (I think). The script error is jquery checking for onclick (unless I'm mistaken, I'll take a look). The second one is safari not supporting "origin-when-crossorigin" The actual problem is that Safari doesn't entirely support the html5 form validation :required attribute. Adding https://bugs.webkit.org/show_bug.cgi?id=28649 as a see-also. I'll see there is an easy work around for this on monday.
Priority: -- → P2
See Also: → https://bugs.webkit.org/show_bug.cgi?id=28649
Comment 2•7 years ago
|
||
This will need a polyfill. It doesn't *prevent* Safari from operating so adjusting the priority down.
Priority: P2 → P3
Updated•7 years ago
|
Summary: Safari errors on CSP referrer, script nonce, can't change product → Safari doesn't indicate html5 required form fields, leading to confusion / inability to "save changes"
You need to log in
before you can comment on or make changes to this bug.
Description
•