Results 1 to 6 of 6

Thread: Strange Error

  1. #1

    Thread Starter
    Frenzied Member
    Join Date
    Dec 2012
    Posts
    1,310

    Strange Error

    The following page works great on Firefox V56. If scripts are not enabled, the page displays the message and exits.
    Code:
    <!DOCTYPE html>
    <html>
    <head>
        <meta charset="utf-8">
        <p><script></script>
           <noscript>JavaScript is disabled, please turn on!</noscript>
           <!-- --> 
        </p>
        <script src="./test.js"></script> 
        <script>adjust()</script>
        <script>window.location.replace("/")</script>
    </head>
    But when tested on Firefox V92, I get the following error:
    ---------------------------------
    Content Security Policy: Couldn't process unknown directive script-src-attr
    Loading failed for the <script> with source http://192.168.0.4:5197/test.js. 192.168.0.4:5197:1:1
    Content Security Policy: The page's settings blocked the loading of a resource at http://192.168.0.4:5197/test.js (script-src). 3
    Content Security Policy: Couldn't process unknown directive script-src-elem
    Content Security Policy: Couldn't process unknown directive script-src-attr
    Content Security Policy: The page's settings blocked the loading of a resource at inline (script-src). 6
    ---------------------------------
    NoScript is being used on both systems to block scripts. When enabled on Firefox V56, it proceeds to execute the script "test.js" properly, but not on V92. It does not give any message at all; it simple doesn't execute "test.js" because it has not been loaded. It has taken quite a while just to figure this much out.

    The problem appears to be caused by the version of NoScript used by Firefox V92. Are there modifications I can make to the page file to prevent this error?

    J.A. Coutts

  2. #2
    Super Moderator dday9's Avatar
    Join Date
    Mar 2011
    Location
    South Louisiana
    Posts
    11,147

    Re: Strange Error

    What happens if you add the following CSP meta tag:
    Code:
    <meta http-equiv="Content-Security-Policy" content="default-src 'self'">
    Basically what this should allow is script files to references files from its own origin which is why I think this would work.

    P.S. - CSP errors have been a pain in my side for the last couple of weeks, so I feel your pain.
    "Code is like humor. When you have to explain it, it’s bad." - Cory House
    VbLessons | Code Tags | Sword of Fury - Jameram

  3. #3

    Thread Starter
    Frenzied Member
    Join Date
    Dec 2012
    Posts
    1,310

    Re: Strange Error

    Quote Originally Posted by dday9 View Post
    What happens if you add the following CSP meta tag:
    Code:
    <meta http-equiv="Content-Security-Policy" content="default-src 'self'">
    Basically what this should allow is script files to references files from its own origin which is why I think this would work.

    P.S. - CSP errors have been a pain in my side for the last couple of weeks, so I feel your pain.
    Running it on Version 56 produces:
    Content Security Policy: The page’s settings blocked the loading of a resource at self (“default-src file://”). Source: adjust().

    I ran this on V56 because V92 doesn't appear to support cookies on file loads. It also doesn't allow direct browser access to individual cookies, so I have to use the Developer Tools instead. "CSP: default-src" is supposed to be supported on Firefox V23 or better.

    J.A. Coutts

    Addendum:
    I was finally able to create the Meta tag in VB6, and added it to the page info. It produced the following errors:
    --------------------------------
    Content Security Policy: The page’s settings blocked the loading of a resource at self (“default-src http://localhost:5197”). Source: adjust().
    Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src http://localhost:5197”). Source: window.location.replace('/').
    ---------------------------------
    Last edited by couttsj; Nov 11th, 2021 at 06:03 PM.

  4. #4

    Thread Starter
    Frenzied Member
    Join Date
    Dec 2012
    Posts
    1,310

    Re: Strange Error

    Had some success. Added a Meta Tag:
    <meta http-equiv='Content-Security-Policy' content='default-src *'>
    as suggested by:
    https://www.cloudbees.com/blog/how-t...ecurity-policy
    and the problem went away. Of course, this is not a good policy, but at least it is a start.

    J.A. Coutts
    Last edited by couttsj; Nov 11th, 2021 at 06:44 PM.

  5. #5
    Super Moderator dday9's Avatar
    Join Date
    Mar 2011
    Location
    South Louisiana
    Posts
    11,147

    Re: Strange Error

    That’s sort of what I was getting at with “self” which is why I’m surprised that it didn’t work.
    "Code is like humor. When you have to explain it, it’s bad." - Cory House
    VbLessons | Code Tags | Sword of Fury - Jameram

  6. #6

    Thread Starter
    Frenzied Member
    Join Date
    Dec 2012
    Posts
    1,310

    Re: Strange Error

    Quote Originally Posted by dday9 View Post
    That’s sort of what I was getting at with “self” which is why I’m surprised that it didn’t work.
    What this tells me is that newer versions of Firefox block script sources by default, and have to specifically be authorized. I assume that Chrome and Edge do the same, but I cannot confirm that. If I am wrong, please let me know.

    J.A. Coutts

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width