Why do I receive a security block when I try to complete a "verified by Visa" form to reload my Macdonalds Archcard?
The message received is: Blocked by Content Security Policy
This page has a content security policy that prevents it from being loaded in this way.
Firefox prevented this page from loading in this way because the page has a content security policy that disallows it.
Chosen solution
After trying every day since 9/18 to reload my card, and failing, today is finally the day! McDonald's must have fixed the problem. I was able to reload the card. Thanks for your help.
Read this answer in context 👍 0All Replies (13)
Please provide public link(s) (no password) that we can check out. No Personal Information Please !
Many site issues can be caused by corrupt cookies or cache.
- Clear the Cache and
- Remove Cookies
Warning ! ! This will log you out of sites you're logged in to. You may also lose any settings for that website.
Type about:preferences<enter> in the address bar.
- Cookies; Select Privacy. Under History, select
Firefox will Use Custom Settings. Press the button on the right side called Show Cookies. Use the search bar to look for the site. Note; There may be more than one entry. Remove All of them.
- Cache; Select Advanced > Network. Across from
Cached Web Content, Press Clear Now.
If there is still a problem, Start Firefox in Safe Mode {web link} A small dialog should appear. Click Start In Safe Mode (not Refresh). While you are in safe mode;
Try disabling graphics hardware acceleration in Firefox. Since this feature was added to Firefox it has gradually improved but there are still a few glitches.
You will need to restart Firefox for this to take effect so save all work first (e.g., mail you are composing, online documents you're editing, etc.,) and then perform these steps:
In Firefox 54 and below:
- Click the menu button and select Options (Windows) or Preferences (Mac, Linux).
- Select the Advanced panel and the General tab.
- Uncheck Use hardware acceleration when available.
- Close Firefox completely and then restart Firefox to see if the problem persists.
In Firefox 55 and above:
- Click the menu button and select Options (Windows) or Preferences (Mac, Linux).
- Select the General panel.
- Under Performance, uncheck Use recommended performance settings. Additional settings will be displayed.
- Uncheck Use hardware acceleration when available.
- Close Firefox completely and then restart Firefox to see if the problem persists.
Did this fix your problems? Please report back to us!
If the problem is resolved, you should check for updates for your graphics driver by following the steps mentioned in these Knowledge base articles:
Unfortunately, this did not work.
Modified
FredMcD said
Please provide public link(s) (no password) that we can
check out. No Personal Information Please !
There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connections and send their own certificate.
https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can
https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites
https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message
https://support.mozilla.org/en-US/kb/connection-untrusted-error-message
A "Content Security Policy" is a set of instructions from a server meant to address certain security risks, such as strange scripts being injected into pages (telling Firefox not to trust them) or specifying when the page can be displayed in a frame on another site (only on some sites).
I can't tell which particular CSP is implicated in your situation; it might be a framing issue or something else.
Can you escalate this issue to McDonald's and see whether they are aware of it?
You can try to check the Web Console for more detail.
- "3-bar" menu button or Tools -> Web Developer
- https://developer.mozilla.org/en/Tools/Web_Console
jscher2000 said
A "Content Security Policy" is a set of instructions from a server meant to address certain security risks, such as strange scripts being injected into pages (telling Firefox not to trust them) or specifying when the page can be displayed in a frame on another site (only on some sites). I can't tell which particular CSP is implicated in your situation; it might be a framing issue or something else. Can you escalate this issue to McDonald's and see whether they are aware of it?
I tried to complete the transaction on Microsoft Edge, and the same problem occurs, with a slightly different message. I will try contacting Macdonalds.
jscher2000 said
A "Content Security Policy" is a set of instructions from a server meant to address certain security risks, such as strange scripts being injected into pages (telling Firefox not to trust them) or specifying when the page can be displayed in a frame on another site (only on some sites). I can't tell which particular CSP is implicated in your situation; it might be a framing issue or something else. Can you escalate this issue to McDonald's and see whether they are aware of it?
The message on Microsoft Edge is: "This content can’t be shown in a frame There is supposed to be some content here, but the publisher doesn’t allow it to be displayed in a frame. This is to help protect the security of any information you might enter into this site. Try this Open this in a new window" I tried this, and it went to a blank page. So it seems it's a framing problem, as you suggest.
Thanks for checking in Edge. It would be helpful if Firefox gave that information, too!
I have submitted an inquiry to Macdonalds. I will inform you of the results.
You probably can see this in the Network Monitor in the presence of an X-FRAME-OPTIONS header in the HTTP response headers.
Quote: This page has a content security policy that prevents it from being loaded in this way.
I think that this message usually points to loading in a frame. The frame would get an about:blank src attribute in cases like this.
On 09/23/2017, I received this response to my inquiry to McDonald's:
Hello Dennis:
Thank you for taking the time to contact McDonald's regarding our website, www.mcdonalds.com. We always appreciate hearing from our customers.
We apologize for the difficulty you recently had, trying to reload your Arch card on-line. Please know your comments have been shared with our Web Development Team. I am certain they will further investigate and take corrective action. In the meantime, I would recommend trying to reload your card from a different browser or checking back at a later time. I apologize for any inconvenience.
Again, thank you for contacting McDonald's. Caroline McDonald's Customer Contact Center
I informed them that I had already tried Firefox and sent them a copy of the Security Block message. I will update this thread as necessary.
Modified
Chosen Solution
After trying every day since 9/18 to reload my card, and failing, today is finally the day! McDonald's must have fixed the problem. I was able to reload the card. Thanks for your help.
That's good to hear. Please flag your last post as Solved Problem so others will know.