Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

CSP problem russian domain

  • Atsakymų nėra
  • 1 has this problem
  • 4 views
more options

Hello! Since recent time there was a problem with CSP on the Russian domains. Mozila blocks a vk.com frame (authorizations) at which on the website the Russian Russian Federation domain. I tried to include CSP, did not help, I do not know any more as to do here example of my CSP,

default-src 'self' vk.com *.vk.com https://vk.com https://*.vk.com; img-src 'self' vk.com *.vk.com https://vk.com https://*.vk.com yastatic.net *.yandex.ru *.googlesyndication.com *.google-analytics.com; style-src 'self' 'unsafe-inline' vk.com *.vk.com https://vk.com https://*.vk.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' vk.com *.vk.com https://vk.com https://*.vk.com *.yandex.ru yandex.st userapi.com *.google-analytics.com *.googlesyndication.com *.gstatic.com; object-src 'self' vk.com *.vk.com https://vk.com https://*.vk.com *.gstatic.com; connect-src 'self' 'unsafe-inline' vk.com *.vk.com https://vk.com https://*.vk.com *.yandex.ru; frame-src 'self' vk.com *.vk.com https://vk.com https://*.vk.com userapi.com *.doubleclick.net https://*.doubleclick.net *.yandex.ru; font-src 'self'; report-uri http://site.ru/csp.php;

but all the same issues that is forbidden by policy of protection of content

the website on which it is possible to look at a problem of https://две-копейки.рф/accaunt/

on other browsers there is no problem, only with the fumbler (at shutdown in about:config of the line security.csp.enable naturally the problem disappears, but it not the decision certainly)

prompt please how to solve this problem, I already tried everything

Hello! Since recent time there was a problem with CSP on the Russian domains. Mozila blocks a vk.com frame (authorizations) at which on the website the Russian Russian Federation domain. I tried to include CSP, did not help, I do not know any more as to do here example of my CSP, default-src 'self' vk.com *.vk.com https://vk.com https://*.vk.com; img-src 'self' vk.com *.vk.com https://vk.com https://*.vk.com yastatic.net *.yandex.ru *.googlesyndication.com *.google-analytics.com; style-src 'self' 'unsafe-inline' vk.com *.vk.com https://vk.com https://*.vk.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' vk.com *.vk.com https://vk.com https://*.vk.com *.yandex.ru yandex.st userapi.com *.google-analytics.com *.googlesyndication.com *.gstatic.com; object-src 'self' vk.com *.vk.com https://vk.com https://*.vk.com *.gstatic.com; connect-src 'self' 'unsafe-inline' vk.com *.vk.com https://vk.com https://*.vk.com *.yandex.ru; frame-src 'self' vk.com *.vk.com https://vk.com https://*.vk.com userapi.com *.doubleclick.net https://*.doubleclick.net *.yandex.ru; font-src 'self'; report-uri http://site.ru/csp.php; but all the same issues that is forbidden by policy of protection of content the website on which it is possible to look at a problem of https://две-копейки.рф/accaunt/ on other browsers there is no problem, only with the fumbler (at shutdown in about:config of the line security.csp.enable naturally the problem disappears, but it not the decision certainly) prompt please how to solve this problem, I already tried everything