Reputation: 3222
Strange CSP error in Firefox
I recently added the following CSP policies for https://stefan.sofa-rockers.org/
default-src 'self'; style-src 'self' https://brick.a.ssl.fastly.net; font-src 'self' https://brick.a.ssl.fastly.net
It seems to work well on all browser, but Firefox is showing me this strange, truncated error message:
Content Security Policy: The page’s settings blocked the loading of a resource at self (“default-src https://stefan.sofa-rockers.org”). Source: (function (ERROR) {
const V8_STACK_.... stefan.sofa-rockers.org:1
Do I have an error in my CSP (all resources are getting loaded, so I don't think this is the case) or might this be a bug in Firefox itself?
Upvotes: 2
Views: 3811
Answers (1)
Reputation: 87984
It looks like you may be hitting a known Firefox bug that’s been partially fixed in Firefox 58. See the Improved Content Security Policy (CSP) Handling section of the following blog post:
https://blog.mozilla.org/addons/2017/11/20/extensions-in-firefox-58/
The relevant existing Firefox bugs are these:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1406278
- https://bugzilla.mozilla.org/show_bug.cgi?id=1267027
And specifically, as noted in the comments here, if you have the Privacy Badger add-on installed, you might need to consider disabling it.
See also the following related Stack Overflow answers:
- Firefox content script not loading in some pages
- Content Security Policy failing on line 1 (Firefox 57.0)
Upvotes: 4
Related Questions
- Content Security Policy: resource blocked but CSP is configured to allow it
- CSP issue in firefox
- Whats wrong with my CSP? Content Security Policy (CSP) implemented unsafely
- Content Security Policy (CSP) blocking valid nonce in firefox
- Why does Firefox always give a warning with CSP: default-src 'self'?
- Content-Security-Policy errors in Firefox and Chrome
- Content Security Policy failing on line 1 (Firefox 57.0)
- Mozilla Observatory says I don't have a CSP, but I do
- CSP warning firebug
- CSP Violation Detected in Firefox OS validator