inaccurate content security policy

I believe that Firefox is inaccurately blocking a resource, however it's likely that I'm just mis-understanding how it should be set up.

I see that there is this open bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1242016 that would likely have helped me.

The issue:

It looks to me that my Content Security Policy header settings here are correct: https://thekyel.com/

Yet I get the message: "Content Security Policy: The page’s settings blocked the loading of a resource at http://thekyel.com/basic.css (“style-src https://thekyel.com https://thekyel.com”). (unknown)"

I do realize that it's more likely that my headers are indeed incorrect, but without better logging, I know of no other way to diagnose the issue.

Let me know if I am mistaken, or where I can investigate more

(I have disabled all addons)

All Replies (3)

Chosen Solution

Try editing the protocol on the src href attribute here since your CSP requires HTTPS:

<link rel="stylesheet" type="text/css" href="http://thekyel.com/basic.css">

Modified by jscher2000 - Support Volunteer

Ah, derp. Thank you very much.

Is there any other resource that I can use to help me troubleshoot something like that other than looking for typos?

CaptSpify said

Is there any other resource that I can use to help me troubleshoot something like that other than looking for typos?

Hmm, better error messages in the console??

I always check for a mismatch for host names with and without www as that's a common issue with cross-site and CSP errors. Noticing the protocol was just luck, really.

One way to minimize protocol discrepancies is to change your href and src values to "//hostname/path" so the browser uses the current page's protocol for those URIs.

Modified by jscher2000 - Support Volunteer
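
The following is an added example, not part of the original thread and not Firefox's own code: a small Node.js checker that resolves an href against the page URL and reports which part of each CSP source expression (scheme, host or port) fails to match. The function names are hypothetical and the matching is a simplified subset of the CSP rules; the page URL, stylesheet URL and source list in the tests are the ones quoted in the question.

```javascript
// Added example: simplified CSP source-list matching (scheme, host, port).
// Not handled: paths, '*', 'self', 'none', nonces and hashes.
const DEFAULT_PORT = { "http:": "80", "https:": "443" };

// Parse "https://thekyel.com", "*.example.com:8443" or a scheme-only "https:".
function parseSource(src) {
  if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) {
    return { scheme: src.toLowerCase(), host: null, port: null };
  }
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:']+)(?::(\d+|\*))?(?:\/.*)?$/i.exec(src);
  if (!m || m[2] === "*") return null;
  const scheme = m[1] ? m[1].toLowerCase() + ":" : null;
  return { scheme, host: m[2].toLowerCase(), port: m[3] || null };
}

// Return "match" or a sentence naming the first component that differs.
function checkSource(src, url, pageUrl) {
  const s = parseSource(src);
  if (!s) return "unsupported source expression";
  // A source without a scheme is compared against the page's own scheme.
  const want = s.scheme || pageUrl.protocol;
  // An http: source also matches https: URLs, never the other way round.
  const upgrade = want === "http:" && url.protocol === "https:";
  if (url.protocol !== want && !upgrade) {
    return `scheme mismatch: resource is ${url.protocol} but source allows ${want}`;
  }
  if (s.host === null) return "match";
  const host = url.hostname.toLowerCase();
  const hostOk = s.host.startsWith("*.")
    ? host.endsWith(s.host.slice(1))
    : host === s.host;
  if (!hostOk) return `host mismatch: resource is ${host} but source allows ${s.host}`;
  const port = url.port || DEFAULT_PORT[url.protocol];
  const wantPort = s.port || DEFAULT_PORT[url.protocol];
  if (s.port !== "*" && port !== wantPort) {
    return `port mismatch: resource uses ${port} but source allows ${wantPort}`;
  }
  return "match";
}

// Resolve href the way the browser does, then test it against the source list.
function diagnose(page, href, sourceList) {
  const pageUrl = new URL(page);
  const url = new URL(href, pageUrl);
  const reasons = sourceList.trim().split(/\s+/)
    .map((src) => ({ src, result: checkSource(src, url, pageUrl) }));
  return { url: url.href, allowed: reasons.some((r) => r.result === "match"), reasons };
}
```

Calling `diagnose("https://thekyel.com/", "http://thekyel.com/basic.css", "https://thekyel.com https://thekyel.com")` reports a scheme mismatch, while the protocol-relative `//thekyel.com/basic.css` resolves to HTTPS and is allowed.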