Closed Bug 1796728 Opened 3 years ago Closed 3 years ago

Firefox console emits a CSP unsafe-inline error, but there is no unsafe-inline script

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Version:
Firefox 106
Type:
defect

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: akropol54, Assigned: tschuster)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Error
6.12 KB, image/png
Details
Attached image Error

Firefox's console emits this error:

Content Security Policy: The page's settings blocked the loading of a resource at inline ("script-src")

It has no line number or any obvious way to track down where it might be coming from. Chrome doesn't have any CSP errors, and whatever is happening doesn't seem to be breaking anything at all.

See details below:
bug 1591807 comment 12
bug 1591807 comment 12
bug 1591807 comment 12

Flags: needinfo?(fs)
Flags: needinfo?(ckerschb)
URL: https://phonebook.mozilla.org/
See Also: → 1591807

Tom, since you are doing lots of CSP works these days, can you take a look?

Flags: needinfo?(ckerschb) → needinfo?(tschuster)

Hi Alexander. Thanks for your report. I see that you posted some code snippets in bug 1591807 that presumably reproduce this problem. Would it be possible to get a complete test case (HTML file) for this?

Flags: needinfo?(tschuster)
Flags: needinfo?(fs)
Flags: needinfo?(akropol54)
Blocks: csp-console-logging
Assignee: nobody → tschuster

This is not actionable without at least the CSP and some more example code.

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE
Flags: needinfo?(akropol54)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: