Closed
Bug 886132
Opened 11 years ago
Closed 11 years ago
Disqus comments system on CNN claims that Firefox is not supported
Categories
(Tech Evangelism Graveyard :: English US, defect)
Tech Evangelism Graveyard
English US
Tracking
(firefox23 unaffected, firefox24- affected, firefox25- affected)
RESOLVED
DUPLICATE
of bug 885433
| Tracking | Status | |
|---|---|---|
| firefox23 | --- | unaffected |
| firefox24 | - | affected |
| firefox25 | - | affected |
People
(Reporter: unghost, Assigned: geekboy)
Details
Attachments
(3 files)
|
648.68 KB,
image/png
|
Details | |
|
243.24 KB,
image/png
|
Details | |
|
1.84 KB,
patch
|
Details | Diff | Splinter Review |
Screenshot of error
STR: 1) Open http://edition.cnn.com/2013/06/22/politics/nsa-leaks/index.html Expected results: Comments are shown as usual Actual results: Comments are shown in legacy mode with following comment: Sorry, the browser you are using is not currently supported. Disqus actively supports the following browsers: Firefox Chrome Internet Explorer 8+ Safari This page is forcing your browser to use legacy mode, which is not compatible with Disqus. Please see our troubleshooting guide to get more information about this error. I see a ton of warnings in Firefox error console like: Warning: Content Security Policy: Directive inline style base restriction violated Source: http://disqus.com/embed/comments/?f=cnn&t_i=%2F2013%2F06%2F23%2Fpolitics%2Fnsa-leaks%2Findex.html&t_u=http%3A%2F%2Fwww.cnn.com%2F2013%2F06%2F23%2Fpolitics%2Fnsa-leaks%2Findex.html&t_t=WikiLeaks%3A%20Snowden%20arrives%20in%20Moscow&t_e=WikiLeaks%3A%20Snowden%20arrives%20in%20Moscow&t_d=WikiLeaks%3A%20Snowden%20arrives%20in%20Moscow&t_c=207582&s_o=popular&disqus_version=1371773468#3 so probaly it caused some change in Content Security Policy, perhaps Bug 764937
|
Reporter | |
Comment 1•11 years ago
|
||
Same error on Disqus test page - http://newsbusters.org/here-test-disqus-page.html
|
|
Reporter | |
Comment 2•11 years ago
|
||
Actually on test page comments are shown twice - first in legacy mode, second in normal mode.
|
Assignee | |
Comment 3•11 years ago
|
||
I can't reproduce this in Nightly 24a1 on Mac OS X. Are you using any add-ons that apply a content security policy (like UserCSP)? What version of Firefox are you using, and on which platform?
|
|
Reporter | |
Comment 4•11 years ago
|
||
(In reply to Sid Stamm [:geekboy or :sstamm] from comment #3) > I can't reproduce this in Nightly 24a1 on Mac OS X. Are you using any > add-ons that apply a content security policy (like UserCSP)? What version > of Firefox are you using, and on which platform? I see it on Nightly 24a1 on 64-bit Linux with new Firefox profile - Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20130624 Firefox/24.0 ID:20130624031040 CSet: 76820c6dff7b Also I've reproduced it on Nightly 24a1 on Windows XP - Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20130624 Firefox/24.0 Some people on Mozillazine claim that they have seen it too - http://forums.mozillazine.org/viewtopic.php?p=12929261#p12929261
|
||
Comment 5•11 years ago
|
||
I see it too: a warning and two sets of comments. 2013-06-24-03-10-40-mozilla-central-firefox-24.0a1.ru.linux-x86_64
|
|
Assignee | |
Comment 6•11 years ago
|
||
Are you using any add-ons? Also, can you help me identify the content security policy (since I can't reproduce it myself)? It will be sent as an HTTP header on one of the HTML documents.
|
|
||
Comment 7•11 years ago
|
||
comment 5 is without any add-ons, with a "temporary profile" created with the external ProfileManager.
|
|
Reporter | |
Comment 8•11 years ago
|
||
(In reply to Sid Stamm [:geekboy or :sstamm] from comment #6) > Are you using any add-ons? No. > Also, can you help me identify the content security policy (since I can't > reproduce it myself)? It will be sent as an HTTP header on one of the HTML > documents. Probably this header (taken from Firefox network console): Vary: Accept-Encoding Surrogate-Control: max-age=5 P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM" Date: Mon, 24 Jun 2013 18:09:49 GMT Content-Type: text/html; charset=utf-8 content-security-policy: script-src 'unsafe-eval' 'self' *.disqus.com:* *.google-analytics.com:* *.scorecardresearch.com:* Content-Length: 3297 Content-Encoding: gzip Connection: close Cache-Control: no-cache, public, must-revalidate Accept-Ranges: bytes
|
|
Reporter | |
Comment 9•11 years ago
|
||
I also can reproduce it on http://www.gossipcop.com/
|
||
Comment 10•11 years ago
|
||
Reproduces for me on Nightly 24.0a1 (2013-06-23) on Windows 7. Does not reproduce for me on Aurora 23.0a2 (2013-06-24). Fresh profiles in both cases. I looked at the requests going to disqus.com but didn't actually see any CSP headers...
|
|
||
Comment 11•11 years ago
|
||
Ah, good work finding the CSP header, Alexander, thanks ! What may be happening here is that Disqus isn't expecting the style blocking to be happening if they don't provide a style-src or default-src directive. That's bug 885433.
|
|
Reporter | |
Comment 12•11 years ago
|
||
Requesting for tracking Firefox 24 and 25. Disqus is very popular online discussion and commenting service for websites ( http://en.wikipedia.org/wiki/Disqus ) and it would be quite bad to leave it broken for users. Disqus support claims that they support only Firefox release builds, but not nightly builds - https://twitter.com/disqushelp/status/349587272670248961
tracking-firefox24:
--- → ?
tracking-firefox25:
--- → ?
|
|
Reporter | |
Comment 13•11 years ago
|
||
FWIW this user ( https://twitter.com/disqushelp/status/349587272670248961 ) claims that he doesn't see any issues in Firefox Nightly on Mac. Sid hadn't seen any issues on Mac OS X too. Perhaps this bug is Windows/Linux only.
|
||
Comment 14•11 years ago
|
||
(In reply to Alexander L. Slovesnik from comment #13) I can definitely reproduce on Mac.
|
||
Comment 15•11 years ago
|
||
Hi, I'm Using Firefox Nightly on Mac, But I'm facing the issues. I'm unable to comment using DIsqus. System Info : MAC OS X 10.8.4
|
|
||
Comment 16•11 years ago
|
||
|
|
||
Updated•11 years ago
|
status-firefox23:
--- → unaffected
status-firefox24:
--- → affected
status-firefox25:
--- → affected
|
||
Comment 17•11 years ago
|
||
(In reply to Ian Melven :imelven from comment #11) > Ah, good work finding the CSP header, Alexander, thanks ! > > What may be happening here is that Disqus isn't expecting the style blocking > to be happening if they don't provide a style-src or default-src directive. > That's bug 885433. Hey Ian, is Bug 885433 going to be the right fix from our side to resolve the issue ?
|
|
||
Comment 18•11 years ago
|
||
(In reply to bhavana bajaj [:bajaj] from comment #17) > (In reply to Ian Melven :imelven from comment #11) > > Ah, good work finding the CSP header, Alexander, thanks ! > > > > What may be happening here is that Disqus isn't expecting the style blocking > > to be happening if they don't provide a style-src or default-src directive. > > That's bug 885433. > > Hey Ian, is Bug 885433 going to be the right fix from our side to resolve > the issue ? that's my impression right now based on Alexander's information in comment 8, but I haven't looked too deeply at what's going on. Btw, grobinson mentioned to me earlier today he's looking at bug 885433.
|
|
Assignee | |
Comment 19•11 years ago
|
||
Yeah, looks like bug 885433 should fix this issue. I whipped up a hacky fix that allows inline-styles by default but disallows them when style-src is present (without the unsafe-inline keyword). Seems to fix the problem, but not sure it's the right way forward. What do you think, garrett?
Assignee: english-us → sstamm
Attachment #768080 -
Flags: feedback?(grobinson)
|
|
||
Comment 20•11 years ago
|
||
Hi, One of the Nightly Tester Mentioned Disqus works fine on 10.7.5 on all Firefox browsers even Nightly and Aurora"
|
||
Comment 21•11 years ago
|
||
Same error on www.geforce.com (example http://www.geforce.com/whats-new/articles/introducing-the-geforce-gtx-760#disqus_thread) in Nightly 25.0a1 (2013-06-26), Windows 8 Pro
|
||
Comment 22•11 years ago
|
||
I have the issues on Mac and Linux. all running the greatest and latest nightly.
|
|
||
Comment 23•11 years ago
|
||
Garrett is working on a fix for 885433 that should take care of this based on Sid's experiment in comment 19, we had to divert briefly to fix bug 887974 which his work uncovered.
|
|
||
Comment 24•11 years ago
|
||
In https://bugzilla.mozilla.org/show_bug.cgi?id=885433#c5 Garrett says his patch fixes the issue with Disqus so duping this to that.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
|
||
Updated•11 years ago
|
Attachment #768080 -
Flags: feedback?(grobinson)
|
||
Updated•9 years ago
|
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•