I see a couple of things being blocked by CSP. Most notably: Content Security Policy: The page's settings blocked the loading of a resource at https://login.persona.org/communication_iframe ("default-src https://mozillians.org http://*.mapbox.com https://*.mapbox.com"). I'm using Fx Developer Edition 46.0a2
I see the same behavior in latest Chrome.
I re-assigned the bug in accordance with :nemo. PR opened here https://github.com/mozilla/mozillians/pull/1363
Commits pushed to master at https://github.com/mozilla/mozillians https://github.com/mozilla/mozillians/commit/83e055164034f8f97e609999623237eeb0d188f1 [fix bug 1254394] Add persona to csp-src headers. https://github.com/mozilla/mozillians/commit/6dde292ab61525c64dff2af86d6c664510ecf0f3 Merge pull request #1363 from akatsoulas/csp-persona [fix bug 1254394] Add persona to csp-src headers.
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
Verified on stage: * CSP security warning existing on prod seems to be fixed in stage.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.