Objects blocked but no clear error message in browser console

  • Ambyomoron

    (@josiah-s-carberry)


    3 years, 8 months ago

    After updating the plugin to ver 1.5.0 certain elements on a page are being blocked (when the CSP is active), but no error message in displayed in the browser console explaining what directive is concerned.

    The problem occurs in Firefox 86.0.1, but not in Chrome 89.0.4389.90. In particular, the page should display several background images and some header text, but it does not in Firefox. In Chrome, the page is displayed correctly. Caches are cleared in all cases.

    In the Chrome console there are absolutely no messages at all. In the Firefox console, there are various messages, but the only messages relative to CSP are:

    Content Security Policy: Couldn’t process unknown directive ‘script-src-elem’
Content Security Policy: Couldn’t process unknown directive ‘style-src-elem’
Content Security Policy: Couldn’t process unknown directive ‘style-src-attr’

    The problem is not in the img-src directive

    Before upgrading to the current version of the plugin, I did not face this problem. There are no unhandled current violations in the plugin’s list.

    I am at a loss to figure out how to diagnose the problem and resolve it.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author bluetriangle

    (@bluetriangle)

    Hey there,

    Thanks for reaching out on this! We’re digging into it now and we’ll get back with you as soon as we can.

    Firefox does not support ‘script-src-elem’ / ‘style-src-elem’ / ‘style-src-attr’ directives. Only Chrome supports these. That’s why Firefox diags in console:
    Content Security Policy: Couldn’t process unknown directive ‘...’
    It’s not an error, just information message.

    Therefore you anyway have to use in the Content Security Policy ‘script-src’ and ‘style-src’ directives. And to full them by hosts/tokens like:

    ‘script-src’ = ‘script-src-elem’ + ‘script-src-attr’
‘style-src’ = ‘style-src-elem’ + ‘style-src-attr’

    with removing duplicates and incompatible sources

    • This reply was modified 3 years, 8 months ago by granty.
    • This reply was modified 3 years, 8 months ago by granty.
    Thread Starter Ambyomoron

    (@josiah-s-carberry)

    @csplite Thanks for this information. Unfortunately, I am not really sure to understand your point. Are you saying that the images are blocked in Firefox because I have included directives for script-src-elem, script-src-attr, style-src-elem and style-src.attr ? And if this is what you mean to say, I do not understand what you mean by “…full them by hosts/tokens” Are you saying that I should copy the strings for the elem and attr directives into the script-src or style-src directives and them completely remove the elem and attr directives?

    Many thanks for your clarification.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Objects blocked but no clear error message in browser console’ is closed to new replies.