Combine the two Network/TP warnings for blocked scripts
Categories
(Firefox :: Protections UI, defect, P2)
Tracking
()
People
(Reporter: Harald, Assigned: ehsan.akhgari)
References
(Blocks 1 open bug)
Details
Attachments
(3 files)
Updated•6 years ago
|
Assignee | ||
Updated•6 years ago
|
Comment 1•6 years ago
|
||
Assignee | ||
Updated•6 years ago
|
Assignee | ||
Comment 3•6 years ago
|
||
Comment 5•6 years ago
|
||
bugherder |
Updated•6 years ago
|
Updated•6 years ago
|
Comment 6•6 years ago
|
||
Considering the long time it took for someone to get on this time, it appears that a few cycles have passed. Considering that this bug is fixed in firefox66, then it should also be fixed in firefox69, firefox68 and firefox67 and should reproduce in firefox65 (or older).
-
This is the messages that are being considered incorrect:
"
The resource at “https://www.google-analytics.com/analytics.js” was blocked because content blocking is enabled. enter_bug.cgi
Loading failed for the <script> with source “https://www.google-analytics.com/analytics.js”. enter_bug.cgi:162:1
" -
This is in firefox65 when opening the Bugzilla page:
"
Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified
Content Security Policy: This site (https://bugzilla.mozilla.org) has a Report-Only policy without a report URI. CSP will not block and cannot report violations of this policy.
" -
This is in firefox66 when opening the Bugzilla page:
"
Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified
Content Security Policy: This site (https://bugzilla.mozilla.org) has a Report-Only policy without a report URI. CSP will not block and cannot report violations of this policy.
Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified
Content Security Policy: This site (https://bugzilla.mozilla.org) has a Report-Only policy without a report URI. CSP will not block and cannot report violations of this policy.
Request to access cookie or storage on “https://www.google-analytics.com/analytics.js” was blocked because it came from a tracker and content blocking is enabled. enter_bug.cgi
Request to access cookie or storage on “https://www.google-analytics.com/r/collect” was blocked because it came from a tracker and content blocking is enabled.
" -
This is in firefox67 when opening the Bugzilla page:
"
Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified
Content Security Policy: This site (https://bugzilla.mozilla.org) has a Report-Only policy without a report URI. CSP will not block and cannot report violations of this policy.
Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified
Content Security Policy: This site (https://bugzilla.mozilla.org) has a Report-Only policy without a report URI. CSP will not block and cannot report violations of this policy.
Request to access cookie or storage on “https://www.google-analytics.com/analytics.js” was blocked because it came from a tracker and content blocking is enabled. enter_bug.cgi
Request to access cookie or storage on “https://www.google-analytics.com/r/collect” was blocked because it came from a tracker and content blocking is enabled.
" -
This is in firefox68 when opening the Bugzilla page:
"
Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified
Content Security Policy: This site (https://bugzilla.mozilla.org) has a Report-Only policy without a report URI. CSP will not block and cannot report violations of this policy.
Request to access cookie or storage on “https://www.google-analytics.com/analytics.js” was blocked because it came from a tracker and content blocking is enabled.
enter_bug.cgi
nsLoginManager: searchLogins:formSubmitURL
orhttpRealm
is recommended 2 LoginManager.jsm:392:13
Request to access cookie or storage on “https://www.google-analytics.com/r/collect” was blocked because it came from a tracker and content blocking is enabled.
"
Can you help me with the verification of this issue? I don't really understand which is a good result and which is a bad one. Thanks.
Assignee | ||
Comment 7•6 years ago
|
||
Hi Bodea,
The fix here eliminated the extra "Loading failed for the <script> with source..." message that you see in comment 0. The verification here would be to look at the console for that message and verify that you don't see it any more.
There are possibly many other messages that may come from other sources (as you've noted) that aren't related to the work that happened in this bug.
Comment 8•5 years ago
|
||
The issue does not reproduce in firefox65, but it also does not reproduce in any of the newer versions, as described in comment 5. Based on all the above, I will consider this issue verified. Thank you.
Updated•5 years ago
|
Description
•