Closed
Bug 1094053
Opened 10 years ago
Closed 6 years ago
Firefox OS 2.0~ simulator cannot connect twitter oauth or any other page with CSP directive like: frame-ancestors https://*:*
Categories
(Firefox OS Graveyard :: Simulator, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: bugzilla, Unassigned)
Details
In Firefox OS Simulator, we cannot connect to Twitter OAuth page:
https://api.twitter.com/oauth/authenticate?oauth_token=**********

Error message:
Unable to connect
A network error occurred while trying to reach the site.

At that time, a CSP violation report will be sent to:
https://twitter.com/i/csp_report?a=********&ro=false

{"csp-report":{
  "document-uri":"https://api.twitter.com/oauth/authenticate?oauth_token=**********",
  "referrer":"https://atnd.org/login",
  "blocked-uri":"app://browser.gaiamobile.org/index.html",
  "violated-directive":"frame-ancestors https://*:*"}
}

The CSP directive "frame-ancestors https://*:*" requires the parent frame origin to use https://, but the Browser's origin uses app://.
I believe this causes the CSP error.

In simulator, Browser should not be treated as parent frame of CSP content.
# works fine on FxOS devices, reproduced only on Simulator
Reporter
Updated•10 years ago
Summary: Unable to connect twitter oauth or any other page with CSP directive liek frame-ancestors https://*:* → Unable to connect twitter oauth or any other page with CSP directive like: frame-ancestors https://*:*
Reporter
Comment 1•10 years ago
One more note:
CSP directive of Twitter OAuth page (https://api.twitter.com/oauth/authenticate?oauth_token=**********) is:
content-security-policy: "default-src https:; connect-src https:; font-src https: data:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; report-uri https://twitter.com/i/csp_report?a=**********&ro=false;"
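The check that the description and comment 1 reason about, as an added example that is not part of the original bug report and is not Gecko's implementation: a simplified `frame-ancestors` matcher run against the `blocked-uri` from the violation report. The function names and the empty ancestor list (a load where the Browser app is not counted as a parent frame) are assumptions made for illustration.

```javascript
// Added example: simplified CSP frame-ancestors matching, not Gecko's code.
// Supports 'none', scheme-sources ("https:") and scheme://host[:port]
// host-sources with "*" wildcards; other forms ('self', paths) throw.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

function frameAncestorSources(policy) {
  for (const directive of policy.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null; // directive absent: embedding is not restricted by CSP
}

function sourceMatches(source, ancestorUrl) {
  const url = new URL(ancestorUrl);
  if (source === "'none'") return false;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) {
    return url.protocol === source.toLowerCase(); // scheme-source
  }
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^/:]+)(?::(\d+|\*))?$/i.exec(source);
  if (!m) throw new Error("unsupported source expression: " + source);
  const [, scheme, host, port] = m;
  if (url.protocol !== scheme.toLowerCase() + ":") return false;
  const h = url.hostname.toLowerCase();
  const pattern = host.toLowerCase();
  const hostOk = pattern === "*" ||
    (pattern.startsWith("*.") ? h.endsWith(pattern.slice(1)) : h === pattern);
  // A source without a port means the scheme's default port.
  const effective = url.port || DEFAULT_PORTS[url.protocol] || "";
  const wanted = port || DEFAULT_PORTS[url.protocol] || "";
  return hostOk && (port === "*" || effective === wanted);
}

// Returns the first ancestor URL that no source allows (the report's
// "blocked-uri"), or null when every ancestor is allowed.
function firstBlockedAncestor(policy, ancestorUrls) {
  const sources = frameAncestorSources(policy);
  if (sources === null) return null;
  const blocked = ancestorUrls.find((a) => !sources.some((s) => sourceMatches(s, a)));
  return blocked === undefined ? null : blocked;
}

// Constructed inputs based on the values quoted in this bug.
const REPORTED = "frame-ancestors https://*:*";
const BROWSER_APP = "app://browser.gaiamobile.org/index.html";
console.log(firstBlockedAncestor(REPORTED, [BROWSER_APP])); // Browser app counted as parent
console.log(firstBlockedAncestor(REPORTED, []));            // no ancestor counted
```

Neither the `https://*:*` host-source nor the `https:` scheme-source from the response header can match an `app://` ancestor, because the scheme comparison fails before host or port wildcards are considered.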
Reporter
Comment 2•10 years ago
(In reply to dynamis (Tomoya ASAI) from comment #0)
> In simulator, Browser should not be treated as parent frame of CSP content.
> # works fine on FxOS devices, reproduced only on Simulator

reproduced only on Simulator 2.0 or later:
Reproduced on Firefox OS Simulator 2.2
Reproduced on Firefox OS Simulator 2.0
Works fine on Firefox OS Simulator 1.4
Reporter
Updated•10 years ago
Summary: Unable to connect twitter oauth or any other page with CSP directive like: frame-ancestors https://*:* → Firefox OS 2.0~ simulator cannot connect twitter oauth or any other page with CSP directive like: frame-ancestors https://*:*
Alex, since this works on devices apparently, would it be an issue with the simulator being non-OOP, or something else?
Flags: needinfo?(poirot.alex)
Comment 4•10 years ago
It looks like it, it seems to work if I enable OOP, but the rocketbar crashes when OOP is on so that it becomes very hard to open a URL :s Having said that, ideally, CSP would also work in non-OOP...
Flags: needinfo?(poirot.alex)
Comment 5•6 years ago
Firefox OS is not being worked on
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX