Closed Bug 578075 Opened 9 years ago Closed 9 years ago

[Regression] background images and border colors do not show up on Fx4 Beta 1 build

Categories

(Tech Evangelism Graveyard :: Portuguese, defect, major)

Tracking

(blocking2.0 -)

VERIFIED FIXED

People

(Reporter: aakashd, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [Input])

Build Id:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:2.0b1) Gecko/20100628 Firefox/4.0b1 (.NET CLR 3.5.30729)

Steps to Reproduce:
1. Go to http://sigarra.up.pt/fep/web_page.inicial

Actual Results:
There are no images or borders shown on the page. This page works on Firefox 3.6.6, Chrome and Safari 4.0.3. 

Expected Results:
Background images and background borders/colors show on the page.
blocking2.0: --- → ?
This seems to be fallout from bug 493857.
I'm getting swamped by these messages in the error console (why aren't these errors?):
CSP debug: Constructed violation report:
{"csp-report":{"request":"GET http://sigarra.up.pt/fep/web_page.inicial HTTP/1.1","request-headers":"Host: sigarra.up.pt\u000aUser-Agent: Mozilla/5.0 (Windows; Windows NT 6.1; en-US; rv:2.0b2pre) Gecko/20100707 Minefield/4.0b2pre\u000aAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\u000aAccept-Language: en-us,en;q=0.5\u000aAccept-Encoding: gzip, deflate\u000aAccept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\u000aKeep-Alive: 115\u000aConnection: keep-alive\u000aCookie: FEPHTTP_SESSION=34213470\u000aIf-Modified-Since: Seg, 12 Jul 2010 18:54:04 GMT\u000aCache-Control: max-age=0\u000a","blocked-uri":"http://sigarra.up.pt/fep/css/10043","violated-directive":"allow self"}}

CSP debug: shouldLoad location = http://sigarra.up.pt/fep/css/10101

CSP debug: shouldLoad content type = 4

CSP debug: blocking request for http://sigarra.up.pt/fep/css/10101

etc..

The http header, which I get (using Rex Swain http header view):
HTTP/1.1·200·OK(CR)(LF)
Content-Length:·23788(CR)(LF)
Content-Type:·text/html;·charset=iso-8859-15(CR)(LF)
Set-Cookie:·FEPHTTP_SESSION=34213715;·path=/(CR)(LF)
Connection:·Close(CR)(LF)
Server:·Oracle-Application-Server-10g·OracleAS-Web-Cache-10g/10.1.2.0.2·(N;ecid=300335234958,0)(CR)(LF)
Last-Modified:·Seg,·12·Jul·2010·18:59:27·GMT(CR)(LF)
Date:·Mon,·12·Jul·2010·17:59:27·GMT(CR)(LF)
X-Frame-Options:·deny(CR)(LF)
X-Content-Security-Policy:·allow·self(CR)(LF)
(CR)(LF)
Blocks: CSP
Component: Layout → DOM: Core & HTML
QA Contact: layout → general
The images and other resources are being blocked because the site is using an invalid Content Security Policy.  Note they are serving the header:
X-Content-Security-Policy: allow self

That policy, in effect, is saying "only allow resources from the hostname, self, to load".

If they change the value of the policy to contain: allow 'self' (add single quotes), the site will work properly.  I'm a bit surprised they would make a change like that without testing first...
Does this need to be an evangelism bug?  Has someone contacted the site yet?
joao, can you help to find a contact and point them at this bug and the fix in comment 2? It's great to see people using CSP!
I know a couple of people at that university. I'll look up who's responsible. If anyone can give me some specific information I can pass along, it would be great.
Talked to a sysadmin there. He's going to forward the information to the responsible people; hopefully they'll give us some feedback here.
The specific information is in comment 2.  The header they send is:

  X-Content-Security-Policy: allow self

They should be sending:

  X-Content-Security-Policy: allow 'self'
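
The difference between the two headers, as an added example that is not part of the original bug thread and is not Firefox's CSP implementation: a simplified source matcher plus a lint check for unquoted keywords, run against the URLs from the violation report above. The function names (`parsePolicy`, `sourceMatches`, `isAllowed`, `lintPolicy`) are hypothetical, and host sources are assumed to be bare hostnames with no scheme or port.

```javascript
// Added example: a simplified model of CSP source matching, not Firefox's parser.
// Only quoted tokens are keywords; a bare word such as self is a hostname.
const KEYWORDS = ["self", "none", "unsafe-inline", "unsafe-eval"];

// "allow self; img-src *" -> { allow: ["self"], "img-src": ["*"] }
function parsePolicy(headerValue) {
  const policy = {};
  for (const part of headerValue.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// Assumption: host sources are bare hostnames, optionally "*.domain" (no scheme or port).
function sourceMatches(source, page, resource) {
  if (source === "'none'") return false;
  if (source === "'self'") return resource.origin === page.origin;
  if (source === "*") return true;
  const host = source.toLowerCase();
  return host.startsWith("*.") ? resource.hostname.endsWith(host.slice(1)) : resource.hostname === host;
}

// True when the directive (the legacy "allow" by default) permits the resource.
function isAllowed(headerValue, pageUrl, resourceUrl, directive = "allow") {
  const sources = parsePolicy(headerValue)[directive] || [];
  const [page, resource] = [new URL(pageUrl), new URL(resourceUrl)];
  return sources.some((s) => sourceMatches(s, page, resource));
}

// Flag bare words that were almost certainly meant as quoted keywords.
function lintPolicy(headerValue) {
  const warnings = [];
  for (const [name, sources] of Object.entries(parsePolicy(headerValue))) {
    for (const s of sources) {
      if (KEYWORDS.includes(s.toLowerCase())) {
        warnings.push(`${name}: ${s} is read as a hostname; write '${s.toLowerCase()}'`);
      }
    }
  }
  return warnings;
}

// URLs from the violation report quoted in this bug.
const PAGE = "http://sigarra.up.pt/fep/web_page.inicial";
const CSS = "http://sigarra.up.pt/fep/css/10043";
console.log(isAllowed("allow self", PAGE, CSS), isAllowed("allow 'self'", PAGE, CSS));
console.log(lintPolicy("allow self"));
```

Running a check like `lintPolicy` over the header value before deploying it would have flagged the unquoted `self` before any page loaded without its stylesheets.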
I've been told that this already has been corrected for one of the schools and should be applied soon to all the schools in that university.
Thanks João!
Sounds like this is a solved issue? Over to tech evangelism to verify. Either way, doesn't block 2.0.
Assignee: nobody → portuguese
blocking2.0: ? → -
Component: DOM: Core & HTML → Portuguese
Product: Core → Tech Evangelism
QA Contact: general → portuguese
Yes, solved.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
I confirm the fix is verified on Latest Nightly BuildID: 20130828030202
Status: RESOLVED → VERIFIED
Product: Tech Evangelism → Tech Evangelism Graveyard