Closed Bug 854989 Opened 11 years ago Closed 11 years ago

CSP Issues in Chrome/Safari

Categories

(Websites :: Firefox Flicks, defect)

defect
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: osmose, Assigned: osmose)


In Chrome, when viewing https://firefoxflicks.mozilla.org/en-US/, the front-page carousel only shows the first slide. It doesn't show any dots and doesn't rotate.

Commit pushed to master at https://github.com/mozilla/firefox-flicks

https://github.com/mozilla/firefox-flicks/commit/0f7956f277ee710d9449cd2f268f00cf7258bd99
Bug 854989: Add 'unsafe-inline' to CSP style exception as temporary fix.

It turns out the issues we're experiencing are related to updating and changing our django-csp settings. Chrome now works fine, but older versions of Safari (I'm testing on 5.1.7) aren't able to get any of the CSS or images.
Summary: Front page carousel not rotating in Chrome → CSP Issues in Chrome/Safari

So it turns out later versions of Safari 5 don't handle CSP very well: http://stackoverflow.com/questions/13663302/why-does-my-content-security-policy-work-everywhere-but-safari

Safari 6 handles the CSP fine and others (rbillings and bensternthal) have successfully tested the site using it. Earlier versions of Safari also do fine because they don't support CSP at all.

I checked Google Analytics and it looks like roughly 0.5% of our total traffic is Safari users who are possibly using an affected version (Ben might want to check to make sure I'm not missing something in the numbers). Given the small percentage vs the prospect of parsing the user agent and adding a shim middleware to handle this I think we should just reenable the middleware and call this fixed.

Ben: Thoughts?
Assignee: nobody → mkelly
Flags: needinfo?(booboobenny+bugzilla)
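
The user-agent shim weighed in the comment above (and not adopted in this bug) could look like the following. This is an added example, not code from firefox-flicks or django-csp; the function names, the reading of "later versions of Safari 5" as 5.1.x, and the sample user-agent strings are assumptions made for illustration.

```python
import re

# Assumption: "later versions of Safari 5" is read as 5.1.x. The bug does not
# give an exact range, so adjust AFFECTED to match your own testing.
AFFECTED = (5, 1)

_VERSION = re.compile(r"Version/(\d+)\.(\d+)")
# Tokens of browsers that carry "Safari/" in their UA but are not Safari.
_NOT_SAFARI = ("Chrome/", "Chromium/", "CriOS/", "Android")
# Standard CSP header plus the prefixed names older browsers used.
_CSP_HEADERS = {"content-security-policy", "x-webkit-csp",
                "x-content-security-policy"}

# Constructed sample user-agent strings (not taken from the bug).
_MAC = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) "
UA_SAFARI_517 = _MAC + "AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2"
UA_SAFARI_50 = _MAC + "AppleWebKit/533.21.1 (KHTML, like Gecko) Version/5.0.5 Safari/533.21.1"
UA_SAFARI_6 = _MAC + "AppleWebKit/536.26.17 (KHTML, like Gecko) Version/6.0.2 Safari/536.26.17"
UA_CHROME = _MAC + "AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.172 Safari/537.22"


def safari_version(user_agent):
    """Return (major, minor) for Safari, or None for any other browser."""
    if "Safari/" not in user_agent or any(t in user_agent for t in _NOT_SAFARI):
        return None
    match = _VERSION.search(user_agent)
    return (int(match.group(1)), int(match.group(2))) if match else None


def is_affected(user_agent):
    """True only for the Safari range assumed to mishandle CSP.

    A missing or unparseable user agent is treated as unaffected, so the
    policy stays in place unless the browser is positively identified.
    """
    return safari_version(user_agent or "") == AFFECTED


def apply_shim(headers, user_agent):
    """Return a copy of the response headers, minus CSP for affected Safari."""
    if not is_affected(user_agent):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() not in _CSP_HEADERS}
```

The cost of such a shim is that the exempted browsers receive no policy at all, and the User-Agent header is client-controlled, which is part of the trade-off against the roughly 0.5% of traffic cited above.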
Bleh GA reports webkit not version. 

I agree with your assessment.

Go ahead and re-enable CSP for us.
Flags: needinfo?(booboobenny+bugzilla)
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED