Some web site fail to load scripts
I noticed that a few web sites suddenly fail to load properly (layout is messed up). Specifically www.telerik.com which used to work just fine. I am using firefox on my enterprised issued computer. A few weeks back I noticed that the remember website and password auto fill was disabled. I suspect the enterprise security folks are making changes that is affecting firefox specifically and whatever they did recently makes firefox virtually unusable as a primary browser. Chrome loads this particular site just fine and so does the firefox installed on my personal computer.
My question is how to I prove that some enterprise security policy is messing up firefox?
Here is the first few lines from the browser console: ross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://d6vtbcy3ong79.cloudfront.net/fonts/1.1.5/metric/Metric-Medium.ttf. (Reason: CORS request did not succeed).[Learn More] Loading failed for the <script> with source “https://cl.qualaroo.com/ki.js/24100/4Nrqoo.js”. www.telerik.com:1:1 Loading failed for the <script> with source “https://connect.facebook.net/en_US/fbevents.js”. www.telerik.com:1:1 Loading failed for the <script> with source “https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975652292/?random=1557597064310&cv=9&fst=1557597064310&num=1&label=PcDCCOSAgwgQxIud0QM&guid=ON&resp=GooglemKTybQhCsO&u_h=1440&u_w=3440&u_ah=1400&u_aw=3440&u_cd=24&u_his=12&u_tz=-420&u_java=false&u_nplug=0&u_nmime=0>m=2wg521&sendb=1&frm=0&url=https%3A%2F%2Fwww.telerik.com%2F&tiba=Telerik%20UI%20for%20ASP.NET%20AJAX%2C%20MVC%2C%20Core%2C%20Xamarin%2C%20Angular%2C%20HTML5%20and%20jQuery&async=1&rfmt=3&fmt=4”. www.telerik.com:1:1 Loading failed for the <script> with source “https://static.ads-twitter.com/uwt.js”. www.telerik.com:1:1 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://d6vtbcy3ong79.cloudfront.net/fonts/1.1.5/metric/Metric-Regular.ttf. (Reason: CORS request did not succeed).[Learn More] Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://d6vtbcy3ong79.cloudfront.net/fonts/1.1.5/metric/Metric-Regular.woff2. (Reason: CORS request did not succeed).[Learn More] Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://d6vtbcy3ong79.cloudfront.net/fonts/1.1.5/metric/Metric-Regular.woff. (Reason: CORS request did not succeed).[Learn More] Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://d6vtbcy3ong79.cloudfront.net/fonts/1.1.5/metric/Metric-Regular.ttf. (Reason: CORS request did not succeed).[Learn More] The script from “https://dec.azureedge.net/sdk/telerik-dec-client.min.3.0.1.js” was loaded even though its MIME type (“application/octet-stream”) is not a valid JavaScript MIME type.[Learn More] www.telerik.com Log warning: The log 'Services.Common.RESTRequest' is configured to use the preference 'services.common.log.logger.rest.request' - you must adjust the level by setting this preference, not by using the level setter Log.jsm:20 TypeError: b is undefined products-min.75d406edb591.js:1:62
Chosen solution
You can set this pref to true on the about:config page to import root certificate(s) from the Windows certificate store.
- security.enterprise_roots.enabled = true
You can open the about:config page via the location/address bar. You can accept the warning and click "I accept the risk!" to continue.
Read this answer in context 👍 0All Replies (7)
You have to provide a Screenshot of the error for other to compare.
Here is the browser console and the site appearance itself.
In Firefox 63+ you can check the about:policies#active page to see what policies are active.
I checked the settings. Nothing looked unusual other than the error tab. I attached images
The error in the first screenshot mentions a pref that can be found on the about:config page and not a valid policy and Can be ignored. On the second screenshot you can see what policies are active. It looks that they disable saving passwords and setting a master password. You also disabled the startup check to see if it is the default browser. So there is nothing related to loading web pages or blocking content.
You can try these steps in case of issues with web pages:
You can reload web page(s) and bypass the cache to refresh possibly outdated or corrupted files.
- hold down the Shift key and left-click the Reload button
- press "Ctrl + F5" or press "Ctrl + Shift + R" (Windows,Linux)
- press "Command + Shift + R" (Mac)
Clear the Cache and remove the Cookies from websites that cause problems via the "3-bar" Firefox menu button (Options/Preferences).
"Remove the Cookies" from websites that cause problems:
- Options/Preferences -> Privacy & Security
Cookies and Site Data -> Manage Data
"Clear the Cache":
- Options/Preferences -> Privacy & Security
Cookies and Site Data -> Clear Data -> Cached Web Content: Clear
Start Firefox in Safe Mode to check if one of the extensions ("3-bar" menu button or Tools -> Add-ons -> Extensions) or if hardware acceleration is is causing the problem.
- switch to the DEFAULT theme: "3-bar" menu button or Tools -> Add-ons -> Themes
- do NOT click the "Refresh Firefox" button on the Safe Mode start window
I was able to trace the problem down to my company's firewall or proxy server. The scripts that it failed to load was running into certificate error with issuer unknown. Once I clicked to view the certificate it showed it was issued by my organization which was my clue to disconnect from the company's network and the problem went away. Other browsers are more permissive of the issuer unknown error, but Firefox isn't, which is why I use it.
Any ways, I will need to work with corporate IT to resolve this as they seemed to mess something up.
Thanks for all the suggestions!
Chosen Solution
You can set this pref to true on the about:config page to import root certificate(s) from the Windows certificate store.
- security.enterprise_roots.enabled = true
You can open the about:config page via the location/address bar. You can accept the warning and click "I accept the risk!" to continue.