X
Tap here to go to the mobile version of the site.

منتدى الدعم

CSP rule depends on browser

Posted

I need some advice on what to tell mail.com support.

I can log into my mail webmail account mail.com, but when clicking to access my inbox to view my mail, this message appears:

"Blocked by Content Security Policy

This page has a content security policy that prevents it from being loaded in this way.

Firefox prevented this page from loading in this way because the page has a content security policy that disallows it."

Am I correct in assuming that the site in question is responsible for setting their own CSP, so they seem to have gotten something mixed up?

I have tested with all add on disabled as well. I found that the issue happens on Firefox 25.0.1, released 2014, (I cannot to due to add on compatibility) but does not happen on latest browser version so I am puzzled how can a Content Security Policy (CSP) rule be browser VERSION dependent?

Their support email just feeds me the "upgrade your browser" but is this not a bad CSP rule they can fix?

If mail.com will not help me can I disable CSP just for this site (not globally) in the browser - is there an add on that I can use to work around there unhelpful email support?

I need some advice on what to tell mail.com support. I can log into my mail webmail account mail.com, but when clicking to access my inbox to view my mail, this message appears: "Blocked by Content Security Policy This page has a content security policy that prevents it from being loaded in this way. Firefox prevented this page from loading in this way because the page has a content security policy that disallows it." Am I correct in assuming that the site in question is responsible for setting their own CSP, so they seem to have gotten something mixed up? I have tested with all add on disabled as well. I found that the issue happens on Firefox 25.0.1, released 2014, (I cannot to due to add on compatibility) but does not happen on latest browser version so I am puzzled how can a Content Security Policy (CSP) rule be browser VERSION dependent? Their support email just feeds me the "upgrade your browser" but is this not a bad CSP rule they can fix? If mail.com will not help me can I disable CSP just for this site (not globally) in the browser - is there an add on that I can use to work around there unhelpful email support?

Modified by Scott

Additional System Details

Installed Plug-ins

  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • Version 5.38.6.0

Application

  • Firefox 25.0.1
  • User Agent: Mozilla/5.0 (Windows NT 5.1; rv:25.0) Gecko/20100101 Firefox/25.0
  • Support URL: https://support.mozilla.org/1/firefox/25.0.1/WINNT/en-US/

Extensions

  • Adblock Plus 2.5.1 ({d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d})
  • Add to Search Bar 2.2 (add-to-searchbox@maltekraus.de)
  • Add-ons Manager Dialog Returns 1.4.1 (amdialog.dimsal.mozillaext@gmail.com)
  • Bookmark Favicon Changer 2.14 (bookmarkfaviconchanger@sonthakit)
  • Classic Toolbar Buttons 1.4.0 (CSTBB@NArisT2_Noia4dev)
  • Cleanest Addon Manager 7.0 (cam@sdrocking.com)
  • CoLT 2.6.1 ({e6c4c3ef-3d4d-42d6-8283-8da73c53a283})
  • Copy Links 0.1.7 ({76C80A11-FAD4-406c-8246-F5ED4F9367B5})
  • DOM Inspector 2.0.15.1-signed (inspector@mozilla.org)
  • DownloadHelper 4.9.22 ({b9db16a4-6edc-47ec-a1f4-b86292ed211d})
  • Element Hiding Helper for Adblock Plus 1.2.3 (elemhidehelper@adblockplus.org)
  • English (Australian) Dictionary 2.1.2 (en-AU@dictionaries.addons.mozilla.org)
  • Enhanced Middle Click 0.4.5 (enhancedmiddleclick@senicar.net)
  • Extension Options Menu 2.10 ({1feca320-6b4d-11df-a08a-0800200c9a66})
  • Find Preferences 1.0 ({3af650ad-d284-47b1-9f5b-37f7b2f2ff1f})
  • FindBar Tweak 1.4.18 (fbt@quicksaver)
  • FlashGot 1.5.5.98 ({19503e42-ca3c-4c27-b1e2-9cdb2170ee34})
  • Form History Control 1.3.3.0 (formhistory@yahoo.com)
  • FoxVox 1.7.9.1 (foxvox@wordit.com)
  • Go Parent Folder 2.8 (goParentFolder@alice)
  • IdentFavIcon 0.3.4.7 (identfavicon@david.hanak.hu)
  • ImageShack right-click 1.0.1 (imageshack@unsubstantial.info)
  • LastPass 3.1.1 (support@lastpass.com)
  • Lazarus: Form Recovery 3.1.0.1 (lazarus@interclue.com)
  • Memory Restart 1.18 (memoryrestart@teamextension.com)
  • NoSquint 2.1.9 (nosquint@urandom.ca)
  • Nuke Anything Enhanced 1.1 ({1ced4832-f06e-413f-aa14-9eb63ad40ace})
  • Open in Private Window 0.2.1 (OpenInPrivateWindow@loucypher)
  • Open With 5.5b2 (openwith@darktrojan.net)
  • Organize Search Engines 1.7 (organize-search-engines@maltekraus.de)
  • Paste Email Plus 5.1 (pasteemailplus@guid.customsoftwareconsult.com)
  • Print Edit 12.0 (printedit@DW-dev)
  • Private Tab 0.1.7.3 (privateTab@infocatcher)
  • QuickJava 2.0.4 ({E6C1199F-E687-42da-8C24-E7770CC3AE66})
  • Restartless Restart 9 (restartless.restart@erikvold.com)
  • Save Image in Folder 1.3.15 ({5e594888-3e8e-47da-b2c6-b0b545112f84})
  • SearchWith 0.4.4 ({79898015-E980-457c-BDE0-D2ECCAF4B654})
  • Send Mail in Browser 0.3 (mailinbrowser@permurl.com)
  • Show Parent Folder 2.1 (showParentFolder@alice)
  • Stylish 1.4.2 ({46551EC9-40F0-4e47-8E18-8E5CF550CFB8})
  • Tab Groups Helper 0.2.7.1-signed (tabgroupshelper@kevinallasso.org)
  • Tab Mix Plus 0.4.1.5.2 ({dc572301-7619-498c-a57d-39143191b318})
  • Toggle Mixed Active Content 1.0.rev14 (jid0-LfpuGtyvjqw5JxLBjdCjX5Fzorw@jetpack)
  • Toolbar Buttons 1.0 ({03B08592-E5B4-45ff-A0BE-C1D975458688})
  • Troubleshooter 1.1a.1-signed (troubleshooter@mozilla.org)
  • UnMHT 7.0.3 ({f759ca51-3a91-4dd1-ae78-9db5eee9ebf0})
  • add.2.cal 20110505 (add2cal-addon@blackdrumm.com) (Inactive)
  • AddMoreTextToClipboard 2.2.0.1-signed (addmoretexttoclipboard@kppk05.sakura.ne.jp) (Inactive)
  • AllowClipboard Helper 1.0.1 ({cda6db95-6aab-414b-803c-40cf34f589b5}) (Inactive)
  • Automatic Save Folder 1.0.4 (asf@mangaheart.org) (Inactive)
  • Blank Your Monitor + Easy Reading 1.9.8 (bym@savetheworld.org) (Inactive)
  • Buffer 2.7.7sr2 (jid1-zUyU7TGKwejAyA@jetpack) (Inactive)
  • BugMeNot Plugin 3 ({987311C6-B504-4aa2-90BF-60CC49808D42}) (Inactive)
  • ChmFox 2.7 (chmfox@zhuoqiang.me) (Inactive)
  • Configuration Mania 1.14.2011103001 ({c4d362ec-1cff-4ca0-9031-99a8fad7995a}) (Inactive)
  • Controle de Scripts (Script Manager) 1.0.3 ({75e19832-90c0-4553-91a0-e5d0ac5d99fd}) (Inactive)
  • Custom Buttons 0.0.5.6 (custombuttons@xsms.org) (Inactive)
  • Download Status Bar 10.0.0 ({6c28e999-e900-4635-a39d-b1ec90ba0c0f}) (Inactive)
  • Download Statusbar 0.9.10 ({D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}) (Inactive)
  • Download YouTube Videos as MP4 1.7.24 ({b9bfaf1c-a63f-47cd-8b9a-29526ced9060}) (Inactive)
  • enhanced findbar 0.9.0 (enhancedfindbar@doiken.net) (Inactive)
  • EPUBReader 1.4.2.4 ({5384767E-00D9-40E9-B72F-9CC39D655D6F}) (Inactive)
  • Fast Dial 4.2.1 (fastdial@telega.phpnet.us) (Inactive)
  • FEBE 8.0.4 ({4BBDD651-70CF-4821-84F8-2B918CF89CA3}) (Inactive)
  • Firebug 1.12.7 (firebug@software.joehewitt.com) (Inactive)
  • FireFTP 2.0.17 ({a7c6cf7f-112c-4500-a7ea-39801a327e5f}) (Inactive)
  • FireShot 0.98.56 ({0b457cAA-602d-484a-8fe7-c1d894a011ba}) (Inactive)
  • FireSSH 0.89.1 (firessh@nightlight.ws) (Inactive)
  • Full Screen Image Viewer 5.1 (imageviewer@toptip.ca) (Inactive)
  • Google Calendar Watcher 1.0.4 (gcw@devseo.co.uk) (Inactive)
  • Google/Yandex search link fix 1.4.1 (jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack) (Inactive)
  • Greasemonkey 1.15 ({e4a8a97b-f2ed-450b-b12d-ee082ba24781}) (Inactive)
  • HackTheWeb 1.3.20 (hacktheweb@instantfox.com) (Inactive)
  • Hide BookmarksBar 3.3.1-signed ({311ece6e-ea6a-442f-a02a-a362e561d892}) (Inactive)
  • HTTPS-Everywhere 3.5.1 (https-everywhere@eff.org) (Inactive)
  • It's All Text! 1.8.1 (itsalltext@docwhat.gerf.org) (Inactive)
  • JSONView 0.7 (jsonview@brh.numbera.com) (Inactive)
  • Lightbeam 1.0.10.2 (jid1-F9UJ2thwoAm5gQ@jetpack) (Inactive)
  • mail.com MailCheck 3.0.6.1-signed (toolbar@mail.com) (Inactive)
  • Memory Fox 7.4.1-signed ({E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}) (Inactive)
  • Mind the Time 1.2.2 (jid0-HYNmqxA9zQGfJADREri4n2AHKSI@jetpack) (Inactive)
  • Mozilla Archive Format 3.0.2 ({7f57cf46-4467-4c2d-adfa-0cba7c507e54}) (Inactive)
  • MR Tech Toolkit 6.0.4.9000 ({9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}) (Inactive)
  • Nimbus Screen Capture - editable screenshots. 4.2.7 (nimbusscreencaptureff@everhelper.me) (Inactive)
  • NoScript 2.6.8.24 ({73a6fe31-595d-460b-a920-fcc0f8843232}) (Inactive)
  • Operator 0.9.5.6 ({95C9A302-8557-4052-91B7-2BB6BA33C885}) (Inactive)
  • Password Exporter 1.2.1 ({B17C1C5A-04B1-11DB-9804-B622A1EF5492}) (Inactive)
  • QuickPasswords 3.1 (QuickPasswords@axelg.com) (Inactive)
  • Redirect Remover 2.6.4.1 (rdr@xeen) (Inactive)
  • Rehost Image 1.5.15 (rehostimage@engy.us) (Inactive)
  • Re-Pagination 2013.03.18 ({6072cb90-a0bd-11da-a746-0800200c9a66}) (Inactive)
  • Resurrect Pages 2.0.6 ({0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}) (Inactive)
  • RSFind! Mod 1.8.1 ({b8d51471-15f1-46cd-a600-448a6b103c2d}) (Inactive)
  • Save Images 1.0.2 (LDSI_plashcor@gmail.com) (Inactive)
  • Saved Password Editor 2.7.2 (savedpasswordeditor@daniel.dawson) (Inactive)
  • Session Manager 0.8.1.6 ({1280606b-2510-4fe0-97ef-9b5a22eafe30}) (Inactive)
  • Shelve 1.34 (shelve@thomas.link) (Inactive)
  • Sidebar Bookmarks Search Plus 1.9 (sidebarBookmarksSearch@alice) (Inactive)
  • SmartVideo For YouTube 0.979 (mytube@ashishmishra.in) (Inactive)
  • SQLite Manager 0.8.1 (SQLiteManager@mrinalkant.blogspot.com) (Inactive)
  • Text to Voice 1.10 (text2voice@vik.josh) (Inactive)
  • The Middle Mouse Button 1.00 (TheMiddleMouseButton@polarcloud.com) (Inactive)
  • Title Save 0.3 ({BDE27AC7-3317-44a2-9662-D3A888FBED0D}) (Inactive)
  • WiseStamp 3.11.12 (wisestamp@wisestamp.com) (Inactive)
  • Xmarks 4.2.1 (foxmarks@kei.com) (Inactive)
  • YouTube Center 2.1.1 (jid1-cwbvBTE216jjpg@jetpack) (Inactive)
  • Zoom toolbar 1.1 ({FBFB7597-9E32-46b4-A500-8B6B0412777F}) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: Mobile Intel(R) 945 Express Chipset Family
  • adapterDescription2:
  • adapterDeviceID: 0x27a2
  • adapterDeviceID2:
  • adapterDrivers: igxprd32
  • adapterDrivers2:
  • adapterRAM: Unknown
  • adapterRAM2:
  • adapterVendorID: 0x8086
  • adapterVendorID2:
  • direct2DEnabled: False
  • direct2DEnabledMessage: [u'tryNewerDriver', u'6.1400.1000.5218']
  • directWriteEnabled: False
  • directWriteVersion: 0.0.0.0
  • driverDate: 8-9-2007
  • driverDate2:
  • driverVersion: 6.14.10.4860
  • driverVersion2:
  • info: {u'AzureCanvasBackend': u'skia', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'none', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 0
  • numAcceleratedWindowsMessage: [u'tryNewerDriver', u'6.1400.1000.5218']
  • numTotalWindows: 1
  • webglRendererMessage: [u'tryNewerDriver', u'6.1400.1000.5218']
  • windowLayerManagerRemote: False
  • windowLayerManagerType: Basic

Modified Preferences

  • accessibility.typeaheadfind.flashBar: 0
  • accessibility.warn_on_browsewithcaret: False
  • browser.cache.disk.capacity: 358400
  • browser.cache.disk.smart_size.first_run: False
  • browser.cache.disk.smart_size.use_old_max: False
  • browser.cache.disk.smart_size_cached_value: 235520
  • browser.link.open_newwindow.restriction: 0
  • browser.places.importBookmarksHTML: False
  • browser.places.smartBookmarksVersion: 4
  • browser.search.openintab: True
  • browser.search.suggest.enabled: False
  • browser.search.update: False
  • browser.search.useDBForOrder: True
  • browser.sessionstore.interval: 30000
  • browser.sessionstore.max_tabs_undo: 20
  • browser.sessionstore.postdata: -1
  • browser.sessionstore.upgradeBackup.latestBuildID: 20131112160018
  • browser.startup.homepage: about:home
  • browser.startup.homepage_override.buildID: 20131112160018
  • browser.startup.homepage_override.mstone: 25.0.1
  • browser.tabs.closeWindowWithLastTab: False
  • browser.tabs.insertRelatedAfterCurrent: False
  • browser.tabs.loadInBackground: False
  • browser.tabs.selectOwnerOnClose: False
  • browser.tabs.warnOnClose: False
  • browser.zoom.siteSpecific: False
  • dom.allow_scripts_to_close_windows: True
  • dom.disable_window_open_feature.directories: True
  • dom.disable_window_open_feature.scrollbars: True
  • dom.max_chrome_script_run_time: 90
  • dom.max_script_run_time: 25
  • dom.mozApps.used: True
  • dom.popup_allowed_events: change click dblclick focus mouseup reset submit
  • extensions.checkCompatibility.25.0: True
  • extensions.checkCompatibility.6.0: True
  • extensions.lastAppVersion: 25.0.1
  • font.internaluseonly.changed: True
  • font.name.monospace.x-western: Fixedsys
  • font.name.sans-serif.x-western: Microsoft Sans Serif
  • font.name.serif.x-western: Cambria
  • font.size.fixed.x-western: 11
  • general.autoScroll: False
  • gfx.blacklist.direct2d: 3
  • gfx.blacklist.layers.direct3d10: 3
  • gfx.blacklist.layers.direct3d10-1: 3
  • gfx.blacklist.layers.direct3d9: 3
  • gfx.blacklist.layers.opengl: 3
  • gfx.blacklist.stagefright: 3
  • gfx.blacklist.suggested-driver-version: 6.1400.1000.5218
  • gfx.blacklist.webgl.angle: 3
  • gfx.blacklist.webgl.msaa: 3
  • gfx.blacklist.webgl.opengl: 3
  • media.peerconnection.enabled: False
  • mousewheel.horizscroll.withnokey.action: 2
  • mousewheel.withaltkey.action: 2
  • mousewheel.withcontrolkey.action: 3
  • mousewheel.withnokey.action: 1
  • mousewheel.withshiftkey.action: 1
  • network.cookie.prefsMigrated: True
  • network.http.max-connections: 50
  • network.http.max-connections-per-server: 25
  • network.http.max-persistent-connections-per-proxy: 25
  • network.http.max-persistent-connections-per-server: 25
  • network.http.pipelining: True
  • network.http.pipelining.maxrequests: 8
  • network.http.pipelining.ssl: True
  • places.database.lastMaintenance: 1443690360
  • places.history.expiration.transient_current_max_pages: 12927
  • plugin.disable_full_page_plugin_for_types: application/pdf
  • plugin.importedState: True
  • plugin.state.flash: 0
  • plugin.state.java: 0
  • plugin.state.npctrl: 0
  • plugin.state.npdeployjava: 0
  • plugin.state.npdrmv: 0
  • plugin.state.npdsplay: 0
  • plugin.state.npgoogleupdate: 0
  • plugin.state.npnul: 0
  • plugin.state.nppicasa: 0
  • plugin.state.npqtplugin: 1
  • plugin.state.npvlc: 0
  • plugin.state.npwmsdrm: 0
  • privacy.cpd.cookies: False
  • privacy.cpd.downloads: False
  • privacy.cpd.extensions-nosquint: False
  • privacy.cpd.extensions-sessionmanager: False
  • privacy.cpd.extensions-tabmix: False
  • privacy.cpd.formdata: False
  • privacy.cpd.history: False
  • privacy.cpd.offlineApps: True
  • privacy.cpd.sessions: False
  • privacy.donottrackheader.enabled: True
  • privacy.sanitize.migrateFx3Prefs: True
  • privacy.sanitize.timeSpan: 0
  • security.disable_button.openCertManager: False
  • security.warn_viewing_mixed: False
  • storage.vacuum.last.index: 1
  • storage.vacuum.last.places.sqlite: 1443109601

Misc

  • User JS: No
  • Accessibility: No
cor-el
  • Top 10 Contributor
  • Moderator
17422 solutions 157414 answers

Start Firefox in Safe Mode to check if one of the extensions (Firefox menu button/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem.

  • Switch to the DEFAULT theme: Firefox menu button/Tools > Add-ons > Appearance
  • Do NOT click the Reset button on the Safe Mode start window

Boot the computer in Windows Safe Mode with network support (press F8 on the boot screen) to see if that helps.

Start Firefox in <u>[[Safe Mode|Safe Mode]]</u> to check if one of the extensions (Firefox menu button/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem. *Switch to the DEFAULT theme: Firefox menu button/Tools > Add-ons > Appearance *Do NOT click the Reset button on the Safe Mode start window *https://support.mozilla.org/kb/Safe+Mode *https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes Boot the computer in Windows Safe Mode with network support (press F8 on the boot screen) to see if that helps. *http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/ *http://www.7tutorials.com/4-ways-boot-safe-mode-windows-10

Modified by cor-el

Question owner

Skip said

.. I have tested with all add on disabled as well. ..

I have tested in safe mode (holding shift key down when Firefox starts). It made no difference. Using the OS in safe mode made no difference.

''Skip [[#question-1086593|said]]'' <blockquote> .. I have tested with all add on disabled as well. .. </blockquote> I have tested in safe mode (holding shift key down when Firefox starts). It made no difference. Using the OS in safe mode made no difference.
jscher2000
  • Top 10 Contributor
8638 solutions 70677 answers

Skip said

I found that the issue happens on Firefox 25.0.1, released 2014, (I cannot to due to add on compatibility) but does not happen on latest browser version so I am puzzled how can a Content Security Policy (CSP) rule be browser VERSION dependent?

It's certainly possible there was a bug in the implementation of CSP in that version which was fixed later.

What kind of add-on doesn't work in Firefox 26 and later? (It's a security risk to use such an out-of-date version of Firefox.)

''Skip [[#question-1086593|said]]'' <blockquote>I found that the issue happens on Firefox 25.0.1, released 2014, (I cannot to due to add on compatibility) but does not happen on latest browser version so I am puzzled how can a Content Security Policy (CSP) rule be browser VERSION dependent? </blockquote> It's certainly possible there was a bug in the implementation of CSP in that version which was fixed later. What kind of add-on doesn't work in Firefox 26 and later? (It's a security risk to use such an out-of-date version of Firefox.)