Closed Bug 1426272 Opened 2 years ago Closed 2 years ago

Embedded twitter video doesn't play in Firefox 57, plays in Chrome

Categories

(Core :: DOM: Security, defect)

defect
Not set

Tracking

()

RESOLVED DUPLICATE of bug 1425672

People

(Reporter: cpearce, Unassigned)

Details

The video in the embedded twitter post in this page doesn't play in Firefox 57 on Ubuntu 17.10 x64, but plays in Chrome:

http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=11963001

I'm using the Firefox that Ubuntu's package manager installs.
It doesn't play on my windwos laptop with Firefox 57 and Chrome.
When I click play I see these new error messages added to the web console:

Content Security Policy: Ignoring ‘x-frame-options’ because of ‘frame-ancestors’ directive.
Content Security Policy: Directive ‘frame-src’ has been deprecated. Please use directive ‘child-src’ instead.
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src 'unsafe-eval' https://twitter.com http://localhost:* http://localhost.twitter.com:* https://*.twitter.com https://*.twimg.com https://vine.co https://*.vine.co https://*.periscope.tv https://*.pscp.tv”). Source: ;!function(){var t=0,e=function(t,e){ret....
942923692773986304:1
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src 'unsafe-eval' https://twitter.com http://localhost:* http://localhost.twitter.com:* https://*.twitter.com https://*.twimg.com https://vine.co https://*.vine.co https://*.periscope.tv https://*.pscp.tv”). Source: onfocusin attribute on DIV element.
942923692773986304
Content Security Policy: The page’s settings blocked the loading of a resource at blob:https://twitter.com/8a95468c-b7d9-42f9-a6cf-9632ed32f74a (“default-src https://twitter.com http://localhost:* http://localhost.twitter.com:* https://*.twitter.com https://*.twimg.com https://vine.co https://*.vine.co https://*.periscope.tv https://*.pscp.tv”).
It doesn't play on my Linux Chrome either.
To add, it's random ...
Some people do not have problems with Firefox 57 ...
... with older versions of Firefox (including ESR), it does not work ...
... With Google Chrome, it works or not, according to the comments ...
... With IE, it works or not ...

And whatever the operating system (Linux, Windows ..) ...

All this would suggest a problem of integration of Twitter videos on its sites or problem of third-party cookies(1) from Twitter! What to think?

The same videos work on Twitter

topic on french forum : https://forums.mozfr.org/viewtopic.php?f=5&t=136219

***********
(1)already seen a similar problem with the third-party cookies (https addresses) of Dailymotion.fr on videos (http address) integrated with other sites ... (problem solved by automatically authorizing cookies for Dailymotion.fr in https)

But in his case of Twitter, I checked with new profiles and cookies allowed, but not solved ...
(In reply to Chris Pearce (:cpearce) from comment #2)
> Content Security Policy: The page’s settings blocked the loading of a
> resource

Duplicate of bug 1425672.
Status: NEW → RESOLVED
Closed: 2 years ago
Component: Audio/Video: Playback → DOM: Security
Resolution: --- → DUPLICATE
Duplicate of bug: 1425672
In 57.0.3 doesn't work, even changing security.csp.enable to false
It's not RESOLVED, correct it please!
In the Nightly version doesn't work either!
(In reply to josejoa59 from comment #8)
> It's not RESOLVED, correct it please!
Hi josejoa59, 
It seems a different problem. Can you file a new bug? 
Thank you.
(In reply to Blake Wu [:bwu][:blakewu] from comment #10)
> (In reply to josejoa59 from comment #8)
> > It's not RESOLVED, correct it please!
> Hi josejoa59, 
> It seems a different problem. Can you file a new bug? 
> Thank you.

It's not a different problem, it's the same, in Nightly and in Firefox, and also in tweetdeck, This problem has a long time without solving, i can't understand this slowliness. Chrome had the same problem long time ago, but they solved it without any dilation.
You need to log in before you can comment on or make changes to this bug.