Open Bug 1344497 Opened 7 years ago Updated 7 years ago

Safari doesn't indicate html5 required form fields, leading to confusion / inability to "save changes"

Categories

(bugzilla.mozilla.org :: General, defect, P3)

Product:
bugzilla.mozilla.org
Component:
General
Version:
Production
Platform:
x86_64
macOS
Type:
defect

Tracking

()

People

(Reporter: jwhitlock, Unassigned)

References

(
URL
)

Details

When creating a bug, Safari 10.0.3 (desktop) reports:

Failed to set referrer policy: The value 'origin-when-crossorigin' is not one of 'no-referrer', 'origin', 'no-referrer-when-downgrade', or 'unsafe-url'. Defaulting to 'no-referrer'.

This may be the HTML that triggers it:

<meta name="referrer" content="origin-when-crossorigin"><link rel="shortcut icon" href="extensions/BMO/web/images/favicon.ico"><meta name="robots" content="noarchive">

When viewing a bug (https://bugzilla.mozilla.org/show_bug.cgi?id=1344493), I get this error as well as:

Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy.

Headers are:

X-content-security-policy: default-src 'self'; child-src 'self' https://ashughes1.github.io/bugzilla-socorro-lens/chart.htm; connect-src 'self' https://brasstacks.mozilla.com/orangefactor/api/count https://reviewboard.mozilla.org/api/extensions/mozreview.extension.MozReviewExtension/summary/; img-src 'self' https://secure.gravatar.com https://bug1344493.bmoattachments.org/; object-src https://bugzilla.mozilla.org/extensions/BugModal/web/ZeroClipboard/ZeroClipboard.swf; script-src 'self' 'nonce-Io0exvPKZZFx31tZQ4Tr1K7efnfxtGTeyw53KRaajRzzYvgb' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; form-action 'self' https://www.google.com/search https://github.com/login/oauth/authorize https://github.com/login

Content-security-policy: default-src 'self'; child-src 'self' https://ashughes1.github.io/bugzilla-socorro-lens/chart.htm; connect-src 'self' https://brasstacks.mozilla.com/orangefactor/api/count https://reviewboard.mozilla.org/api/extensions/mozreview.extension.MozReviewExtension/summary/; img-src 'self' https://secure.gravatar.com https://bug1344493.bmoattachments.org/; object-src https://bugzilla.mozilla.org/extensions/BugModal/web/ZeroClipboard/ZeroClipboard.swf; script-src 'self' 'nonce-Io0exvPKZZFx31tZQ4Tr1K7efnfxtGTeyw53KRaajRzzYvgb' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; form-action 'self' https://www.google.com/search https://github.com/login/oauth/authorize https://github.com/login

It does not say which script had an issue, but I am unable to change the product and component from Mozilla Developer Network / Security to NSS / Tests.

In Chrome 56.0.2924.87, I am able to set the product and component. The Tracking Version and Target are highlighted in red, to show that they must be changed as well.  This may be the script that is unable to load.
Summary: Safari errors on CSP referrer policy, can't change product → Safari errors on CSP referrer, script nonce, can't change product
Both of those warnings are harmless (I think). The script error is jquery checking for onclick (unless I'm mistaken, I'll take a look).

The second one is safari not supporting "origin-when-crossorigin"

The actual problem is that Safari doesn't entirely support the html5 form validation :required attribute.
Adding https://bugs.webkit.org/show_bug.cgi?id=28649 as a see-also.

I'll see there is an easy work around for this on monday.
Priority: -- → P2
See Also: → https://bugs.webkit.org/show_bug.cgi?id=28649
This will need a polyfill. It doesn't *prevent* Safari from operating so adjusting the priority down.
Priority: P2 → P3
Summary: Safari errors on CSP referrer, script nonce, can't change product → Safari doesn't indicate html5 required form fields, leading to confusion / inability to "save changes"
You need to log in before you can comment on or make changes to this bug.