Content Security Policy 1.0 | Feature not activated when starting a session of Firefox
Categories
(Core :: DOM: Security, defect)
Tracking
()
People
(Reporter: lamalbrut, Unassigned)
Details
Attachments
(2 files, 1 obsolete file)
html5test.com_compared_Windows_Linux_Fedora.png
User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:93.0) Gecko/20100101 Firefox/93.0
Steps to reproduce:
According to the on-line tools at https://html5test.com/ and https://caniuse.com/, Content Security Policy 1.0 is a feature supported by the latest version of Firefox. html5test.com's analyse engine version: 8.0, June 2016. Two systems are physically installed on my x86_64 computer: a Fedora Linux in last version and a Windows.
Actual results:
On Windows' side Content Security Policy 1.0 is marked as supported from the first execution of the analyse while on Fedora's side it is not. Refreshing the page in that last may trigger the activation of that feature, which then shall be detected.
Expected results:
That feature to be activated when starting a session of Firefox.
|
||
Comment 1•4 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::DOM: Security' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.
|
||
Comment 2•4 years ago
|
||
I can't think of any reason Firefox on Linux would be any different from Firefox on Windows regarding CSP. Are you using a Linux Firefox downloaded from Mozilla, or the one that came with the distro? What version is "a Fedora Linux in last version" (specific versions especially important for any future readers)? I tend to assume you tested using the Firefox 93.0 version represented by the User Agent string our bug filing tool captured, but it's wrong significantly often enough that it needs to be confirmed if possible. Not that our tool is buggy, but people file bugs with a different browser and/or OS than the one they tested quite a lot.
I could not reproduce this myself.
The next time you catch this, please immediately open the "Web Developer Tools" and see if any warnings or errors show up on the "Console" tab.
Firefox is installed from Fedora repository. Verification:
$ dnf list --installed firefox* | sed 1d
firefox.x86_64 3.0-2.fc35 @fedora
The analyses were conducted in each environments, with Fiirefox being identical in release and bit versions, with default settings applied, without add-ons installed, and otherwise in same conditions; no modifications requested from any third party software (e.g. OpenSCAP).
The results' values exhibited in html5test.com_compared_Windows_Linux_Fedora.png were respectively obtained in those environments:
517 | Windows; Firefox in both classic and troubleshoot modes.
509 | Fedora; Firefox in troubleshoot mode.
512 | Fedora; Firefox in classic mode, at first run.
514 | Fedora; Firefox in classic mode, at second run.
Case: 512 | Fedora; Firefox in classic mode, at first run.
The Firefox resulting from the installation while reporting the present issue and #1737302, was missing some functions and tools. In that context, Content Security Policy 1.0 was involved. Since then the Firefox installed is complete. As noticeable Content Security Policy 1.0 is no longer involved and Speech Synthesis took its place.
|
|
||
Comment 7•4 years ago
|
||
I don't understand any relationship between Content Security Policy and Speech Synthesis, but I think you're saying this issue is now resolved wrt to CSP. if you're having a speech synthesis problem please file a separate bug so those developers can get right down to the problem rather than being confused by the first several unrelated comments in this bug.
Description
•