Closed Bug 1766573 Opened 2 years ago Closed 2 years ago

csp is disabled but working

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
Firefox 99
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1754301

People

(Reporter: 2386343100, Unassigned)

Details

Attachments

(1 file)

D-Chat_20220427150513.png
239.22 KB, image/png
Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:99.0) Gecko/20100101 Firefox/99.0

Steps to reproduce:

update firefox from v97 to v99.
my js script is not working, it's a xhr requests. about:
var xhr = new XMLHttpRequest();
var url = "http://example..."
xhr.open('GET', url, false);
xhr.onload = function () {
// 请求结束后,在此处写处理代码
};
xhr.send(null);
var response = xhr.response
return JSON.parse(response)

Actual results:

error:
#Uncaught DOMException: A network error occurred.
#Content Security Policy: 页面设置阻止读取位于 http://..的一项资源("connect-src")。

Expected results:

In firefox v97 about:config, I change the "security.csp.enable" from ture to false. The script is working. But in firefox v99, The script run error either the "security.csp.enable" is true or false.

security.csp.enable was removed. bug 1754301 contains some tips for removing the header using an extension.

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: