Svi proizvodi Forum podrške

Below is the content-security-policy Firefox loads for chatGPT:

default-src 'self'; script-src 'self' 'nonce-eec8ce04-1f27-4481-8ed6-b8f877eef280' 'wasm-unsafe-eval' chatgpt.com/ces https://*.chatgpt.com https://*.chatgpt.com/ https://*.oaistatic.com https://api.openai.com https://chat.openai.com https://chatgpt.com/ https://chatgpt.com/backend-anon https://chatgpt.com/backend-api https://chatgpt.com/graphql https://chatgpt.com/public-api https://chatgpt.com/voice https://jidori.g1.internal.services.openai.org https://oaistatic.com https://snc.apps.openai.com https://snc.chatgpt.com/backend/se https://tcr9i.chat.openai.com https://tcr9i.chatgpt.com/ wss://*.chatgpt.com wss://*.chatgpt.com/; script-src-elem 'self' 'nonce-eec8ce04-1f27-4481-8ed6-b8f877eef280' 'sha256-RvbVrdDS11FSnQaULCOgXPA5u0nMP2Im1d2pGiRBGC4=' 'sha256-eMuh8xiwcX72rRYNAGENurQBAcH7kLlAUQcoOri3BIo=' auth0.openai.com challenges.cloudflare.com chatgpt.com/ces https://*.chatgpt.com https://*.chatgpt.com/ https://*.oaistatic.com https://api.openai.com https://apis.google.com https://chat.openai.com https://chatgpt.com/ https://chatgpt.com/backend-anon https://chatgpt.com/backend-api https://chatgpt.com/graphql https://chatgpt.com/public-api https://chatgpt.com/voice https://docs.google.com https://jidori.g1.internal.services.openai.org https://js.live.net/v7.2/OneDrive.js https://oaistatic.com https://snc.apps.openai.com https://snc.chatgpt.com/backend/se https://tcr9i.chat.openai.com https://tcr9i.chatgpt.com/ https://www-onepick-opensocial.googleusercontent.com wss://*.chatgpt.com wss://*.chatgpt.com/; img-src * 'self' blob: data: https: https://docs.google.com https://drive-thirdparty.googleusercontent.com https://ssl.gstatic.com; style-src 'self' 'unsafe-inline' chatgpt.com/ces https://*.chatgpt.com https://*.chatgpt.com/ https://*.oaistatic.com https://api.openai.com https://chat.openai.com https://chatgpt.com/ https://chatgpt.com/backend-anon https://chatgpt.com/backend-api https://chatgpt.com/graphql https://chatgpt.com/public-api https://chatgpt.com/voice https://jidori.g1.internal.services.openai.org https://oaistatic.com https://snc.apps.openai.com https://snc.chatgpt.com/backend/se https://tcr9i.chat.openai.com https://tcr9i.chatgpt.com/ wss://*.chatgpt.com wss://*.chatgpt.com/; font-src 'self' data: https://*.oaistatic.com https://fonts.gstatic.com; connect-src 'self' *.oaiusercontent.com api-iam.intercom.io api-js.mixpanel.com browser-intake-datadoghq.com chatgpt.com/ces fileserviceuploadsperm.blob.core.windows.net http://0.0.0.0:* http://localhost:* https://*.chatgpt.com https://*.chatgpt.com/ https://*.oaistatic.com https://api.onedrive.com https://api.openai.com https://chat.openai.com https://chatgpt.com/ https://chatgpt.com/backend-anon https://chatgpt.com/backend-api https://chatgpt.com/graphql https://chatgpt.com/public-api https://chatgpt.com/voice https://content.googleapis.com https://docs.google.com https://events.statsigapi.net https://featuregates.org https://graph.microsoft.com https://jidori.g1.internal.services.openai.org https://oaistatic.com https://snc.apps.openai.com https://snc.chatgpt.com/backend/se https://tcr9i.chat.openai.com https://tcr9i.chatgpt.com/ https://www.googleapis.com o33249.ingest.sentry.io statsigapi.net wss://*.chatgpt.com wss://*.chatgpt.com/ wss://*.intercom.io wss://*.webpubsub.azure.com; frame-src challenges.cloudflare.com https://*.sharepoint.com https://content.googleapis.com https://docs.google.com https://onedrive.live.com https://tcr9i.chat.openai.com https://tcr9i.chatgpt.com/ js.stripe.com; worker-src 'self' blob:; media-src blob: 'self' *.oaiusercontent.com fileserviceuploadsperm.blob.core.windows.net https://cdn.openai.com https://persistent.oaistatic.com; frame-ancestors chrome-extension://iaiigpefkbhgjcmcmffmfkpmhemdhdnj; report-to chatgpt-csp-new; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub1f79f8ac903a5872ae5f53026d20a77c&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=version%3Achatgpt-csp-new

Notice that it includes " frame-ancestors chrome-extension://iaiigpefkbhgjcmcmffmfkpmhemdhdnj"

Would this extension be installed in the computer, kind of like the extensions that are loaded from Chrome (i.e., C:\Users\myUser\AppData\Local\Google\Chrome\User Data\extensions_crx_cache)?

Thanx

For months, now, whenever I try to post a comment on a Yahoo! News article, it reads: "Your comment has failed to published." This only happens in Firefox. My "Privacy & Security" settings are set to "Standard," my "History" set to "use custom settings for history" with settings "Remember browsing and download history" and "Clear history when Firefox closes." so cookies and cache get cleared then.

Sometimes this works when starting a new session. But I shouldn't have to start another session and lose all of my logins just to post a comment on a Yahoo News article.

Anyone else having this problem? Is there an easy and permanent fix? What are you settings set at?

I'm trying to set my DNS settings in Firefox Nightly to a custom service. But i am having nothing but problems.

"Firefox Nightly 128.0a1 (Build #2016025199)"

I want to use one of these settings for the secured w/ECS:Malware blocking, DNSSEC Validation, ECS enabled.

My only problem is I'm not sure which format of the address options I should be inputting in the DNS settings in the about:config

Please help.

Secured w/ECS: Malware blocking, DNSSEC Validation, ECS enabled

IPv4 9.9.9.11 149.112.112.11

IPv6 2620:fe::11 2620:fe::fe:11

HTTPS https://dns11.quad9.net/dns-query

TLS tls://dns11.quad9.net

P S. Yes I know I can set a custom DNS address in the connections settings of my android device. And it works most of the time. I however want my own settings in the browser itself.

Thank you in advance

How to use personal certificate issued to me by web service?

I install the certificate to device and enable "Use third party CA" in secret settings but don't work.

I keep getting prompted to sign into my Firefox account, but when I type my password and hit enter, the prompt clears out my password and nothing happens. I'm already logged in to post this question, so I'm confused as to why I keep getting prompted.

I've tried:

1. Numbered list item Removing the account, but the same unresponsive password prompt shows up
2. Numbered list item Reinstalling, but same issue
3. Numbered list item Resetting password, but same issue

Potentially related: I am successfully logged into my Firefox account on another laptop, and I'm seeing no prompts there. Any ideas what else to try?

Hello,

My password saved are deleted every time I close FF. It used to be manageable because Google and other sites didn't require me to fill my passwords (cookies did the trick I suppose) but now I also loose access to gmail and Youtube every time I close FF. It's annoying to have to use 2FA every damn time. And keeping the passwords available.

I've tried every answer I found by looking around :

- tried to start in safe mode - disable hardware acceleration - I have no extensions

FF saves the passwords correctly (at least they appear in the saved password tab) but they are erased every time I restart FF. The cookies aren't automatically deleted (FF remembers my browsing history) but I need to relog into Google.

I getting frustrated.

Hi! I would like to use Thunderbird with an email account provided by my university. It uses the gmail web client and is provided through google workspace (I believe). The login process involves a redirect to the campus authentication page, with a DUO 2FA ping. Is there a way to add this account to Thunderbird? Programs like Gnome Online Accounts allow me to add this as a google account and then follow the usual process in a web browser window. However, when I try this on Thunderbird, I get as far as granting access through Google's system, but then the system exits with "Unable to log in at server. Probably wrong configuration, username or password." Is there a way to set this up correctly? It looks like it almost works.

Hi - My company turned on some additional security settings for connecting to M365. Thunderbird Windows successfully provides the needed Entra ID, that is required in our M365 environment now for access by registered devices. The state of the device, as being registered in Entra ID, doesn't seem to be able to be passed via Mac Thunderbird but does for Windows Thunderbird?

This is the error - the fact that it shows the Device as unregistered is the key item - Thunderbird needs to be able to send the :

        You cannot access this right now
        Your sign-in was successful but does not meet the criteria to access this resource. For example, you 
        might be signing in from a browser, app, or location that is restricted by your admin.
        More details

        Error Code: 53003 
        Request Id: a2ae545e-6d4a-40e7-aed8-31e252422900 
        Correlation Id: 0200d612-710e-42ea-82c6-2aa415f3062f 
        Timestamp: 2024-06-06T14:09:39.975Z 
        App name: Thunderbird
        App id: 9e5f94bc-e8a4-4e73-b8be-63364c29d753
        IP address: 136.226.19.80
        Device identifier: Not available
        Device platform: macOS
        Device state: Unregistered

Is this something that can be addressed? I am really disrupted by not being able to manage my email through Thunderbird...

Bob - ramartin@mitre.org

Filled out a form on a Japanese Retail Store website to contact them and couldn't send the message. Message just hung up all day. I think the connection is secure (icon next to Firefox address bar does not have a slash thru it so I think connection is secure). That Firefox icon says it is blocking trackers and cookies on the website and "Enhanced Tracking Protection" is "On". And got message in bottom corner of website saying "ERROR for site owner: Invalid domain for site key". Using up-to-date Firefox browser, Windows 10 and Windows Defender Firewall. (Tried Windows Edge browser and it said connection was insecure so I followed steps to connect to it like changing Privacy settings and switching to a Private Window but it didn't help.) What else can I try to use this Japanese website? (Note: website does not have an email address listed anywhere.)

Hi there, It won't accept my primary password even though I know it is the right one,it has always been fine and has never changed. I have entered it so many times now still the same.I don't want to go through the resetting and loose all my info, I couldn't anyway as it will not accept my primary password to be able to. Thanks Henry

the only autoplay setting i can find is under privacy and security. the page shows DEFAULT FOR ALL WEBSITES: Block Audio and Video, but videos still open and play. the page does not retain the change when i select the button REMOVE ALL WEBSITES. this problem has not been happening for years. it may have begun about six months ago. thank you for your time

Hello,

I am unable to access x.com, and I think this is caused by hackers.

Below I try to explain the facts (or information) that leads me to this conclusion.

After I enter the x.com in Firefox's address, in the developer drawer Network tab I can see the content-security-policy as:

content-security-policy: connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com ws://localhost:8008/v2/ipc https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/ https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://static.ads-twitter.com 'nonce-ZDFkNGU5ZjQtYjdkZC00ZjhmLWFhMmMtZGIwMmY5ZGM2N2E4'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false

NOTICE THE script source policy: script-src 'self' 'unsafe-inline'

NONETHELESS, when I look at x.com source, I see:

<script nonce="NmM2ZWZkMWMtZTdmOC00YmE5LWI1Y2YtNTQ4NDIzMzFkZDUy">

window.__runPxScript = function() {

 delete window.__runPxScript;
 !function(e,t,n,s,u,a){e.twq||(s=e.twq=function(){s.exe?s.exe.apply(s,arguments):s.queue.push(arguments);
 },s.version='1.1',s.queue=[],u=t.createElement(n),u.async=!0,u.src='https://static.ads-twitter.com/uwt.js',
 a=t.getElementsByTagName(n)[0],a.parentNode.insertBefore(u,a))}(window,document,'script');
 twq('config','ogf5s');twq('config','o8zly');

} </script>

<script type="text/javascript" charset="utf-8" nonce="NmM2ZWZkMWMtZTdmOC00YmE5LWI1Y2YtNTQ4NDIzMzFkZDUy">location.assign("/account/access")</script>

Also, the developer drawer Console tab issues this error before being redirected to x.com/account/access:

Content-Security-Policy: Ignoring “'unsafe-inline'” within script-src: nonce-source or hash-source specified

I think the HTML that loads in Firefox is corrupted or tampered.

Could I get some feedback?

I noticed yesterday with version 115.4.2 32-bit (I just updated now) that an e-mail, part of a correspondence, would not load. Actually it did load but it seems to have permanently replaced the original message with a completely different e-mail from a different sender. But the From and the Subject lines pertained to the e-mail that was supposed to be there. The replacement message, if it matters, is an e-transfer notification, again, from a completely different sender.

I noticed then that a few other e-mails show only code data in the body. This is loading from a Gmail account which appears to be intact when I log in there directly.

I was also concerned when I first went to open Thunderbird from the taskbar, that a Win 10 pop-up appeared as I hovered over to click the icon, showing "recent" e-mails from all different dates, most of them well in the past and certainly not accessed recently. This has me concerned about a security breach.

PS: When I tried to remove the "recent" e-mails pop-up menu I accidentally deleted the taskbar shortcut and now can't get it back. Well, I can but the TBird icon won't reload and it just shows up as a blank icon.

Hi there,

I am tryign to access my firm's MetroBank account through Firefox and, after putting in my login details, I get a blank, white screen. I've tried with the same details through Chrome and it works. I've also disabbled pop up blocking and ad blockers.

Any other tips on what I could look for?

Rui

Discovered that until now I had been unable to store passwords on this browser, and discovered I would need to set a Primary Password before being able to set any. I followed the recommended instructions to set one, but no matter what I entered, it would be unable to set. (Password quality meter was not full (75-80%~), if that is significant.)

After this, I would receive continuous pop-up windows asking to set a Primary Password, but all attempts to set such a password would fail (Window named :"Alert", with text stating "Unable to Change Password.") These would persist until I shut down my computer, and I stopped receiving these popup windows, but ultimately, I am still unable to set a primary password., and thus, am unable to save passwords.

(Pop-up Windows were labelled "Change Password", and had text stating "Security Device: Software Security Device", along with having the password change form)

Hi, for about 14 days I get random certificate warnings - even on well known websites. They vary from SSL_ERROR_BAD_CERT_DOMAIN to SEC_ERROR_UNKNOWN_ISSUER... even on websites like x.com or LinkedIn. At the same time I got a new router from my ISP. But I am not sure, if this is connected somehow or if I got a Man-in-the-Middle or a virus. Malwarebytes & Co don´t find anything. I have resetted Firefox, too. But nothing helps. I get these errors in Chrome, too, sometimes. But not as often. Any ideas anybody? TIA!!!