CSP Issues in Chrome/Safari

VERIFIED FIXED

Status

VERIFIED FIXED
6 years ago
6 years ago

People

(Reporter: mkelly, Assigned: mkelly)

Tracking

Details

(URL)

(Assignee)

Description

6 years ago
In Chrome, when viewing https://firefoxflicks.mozilla.org/en-US/, the front-page carousel only shows the first slide. It doesn't show any dots and doesn't rotate.
(Assignee)

Comment 2

6 years ago
It turns out the issues we're experiencing are related to updating and changing our django-csp settings. Chrome now works fine, but older versions of Safari (I'm testing on 5.1.7) aren't able to get any of the CSS or images.
Summary: Front page carousel not rotating in Chrome → CSP Issues in Chrome/Safari
(Assignee)

Comment 4

6 years ago
So it turns out later versions of Safari 5 don't handle CSP very well: http://stackoverflow.com/questions/13663302/why-does-my-content-security-policy-work-everywhere-but-safari

Safari 6 handles the CSP fine and others (rbillings and bensternthal) have successfully tested the site using it. Earlier versions of Safari also do fine because they don't support CSP at all.

I checked Google Analytics and it looks like roughly 0.5% of our total traffic is Safari users who are possibly using an affected version (Ben might want to check to make sure I'm not missing something in the numbers). Given the small percentage vs the prospect of parsing the user agent and adding a shim middleware to handle this I think we should just reenable the middleware and call this fixed.

Ben: Thoughts?
Assignee: nobody → mkelly
Flags: needinfo?(booboobenny+bugzilla)
Bleh GA reports webkit not version. 

I agree with your assessment.

Go ahead and re-enable CSP for us.
Flags: needinfo?(booboobenny+bugzilla)

Updated

6 years ago
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.