Avatar for Username

Zoeken in Support

Vermijd ondersteuningsscams. We zullen u nooit vragen een telefoonnummer te bellen, er een sms naar te sturen of persoonlijke gegevens te delen. Meld verdachte activiteit met de optie ‘Misbruik melden’.

Learn More

Deze conversatie is gearchiveerd. Stel een nieuwe vraag als u hulp nodig hebt.

Content Security Policy blocking external script

  • 5 antwoorden
  • 0 hebben dit probleem
  • 21 weergaven
  • Laatste antwoord van cor-el

contact778
contact778
more options

Hello,

I am experiencing an issue when accessing my website using Firefox on Mac.

The browser blocks the loading of an external Google Adsense script, logging the following error: "Content Security Policy: The page's settings blocked the loading of a resource". Here is an example URL:

https://www.varbes.com/

To my understanding, the site does not have a Content Security Policy ('CSP'). We don't send a CSP network header or in the HTML, so am at a bit of a loss as to how I debug this.

I don't see the same issue using Firefox on Windows, or with Chrome, Edge or Safari. I have performed a fresh install of Firefox on my Mac to make sure no extensions are causing the issue.

Other websites seem to be running the same AdSense code okay.

Any suggestions would be greatly appreciated.

Many thanks, Matt

Hello, I am experiencing an issue when accessing my website using Firefox on Mac. The browser blocks the loading of an external Google Adsense script, logging the following error: "Content Security Policy: The page's settings blocked the loading of a resource". Here is an example URL: https://www.varbes.com/ To my understanding, the site does not have a Content Security Policy ('CSP'). We don't send a CSP network header or in the HTML, so am at a bit of a loss as to how I debug this. I don't see the same issue using Firefox on Windows, or with Chrome, Edge or Safari. I have performed a fresh install of Firefox on my Mac to make sure no extensions are causing the issue. Other websites seem to be running the same AdSense code okay. Any suggestions would be greatly appreciated. Many thanks, Matt

Alle antwoorden (5)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

That data is probably blocked by ETP.

Firefox shows a purple shield instead of a gray shield at the left end of the location/address bar in case Enhanced Tracking Protection is blocking content.

  • click the shield icon for more detail and possibly disable the protection

You can check the Web Console for relevant-looking messages about blocked content.

contact778
contact778 Vraageigenaar
more options

Hi cor-el,

Thanks for responding to my problem.

I have just tried the site with ETP turned off and am still seeing the scripts blocked on Firefox for Mac due to CSP violations - I don't see this on Firefox for Windows with ETP on or off.

I have attached a screenshot of the network and console log on Mac to show the difference. I have turned ETP off so the beacon tracking requests are allowed.

Many thanks, Matt

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

For me that item is blocked by ETP and get a crossed shield with ETP disabled.

contact778
contact778 Vraageigenaar
more options

The script doesn't look blocked in your latest screenshot - it is the third last item (120kb script from domain pagead2... with a file name 'show_ads_...'. This script is only blocked on Firefox for Mac browsers from my tests.

The request that is being blocked in your screenshot is a tracking request -- this is fine as it doesn't break the site functionality (but blocked the script does affect site functionality).

Thanks, Matt

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

What I meant to show is that the two pagead2 you mention have the shield. I'm not sure why there is still one left as blocked by tracking when ETP is disabled via the shield. Firefox can replace some tracking related files by shimmed versions that have limited effect (i.e. they let the caller believe that it worked successful).