CSP rule depends on browser
I need some advice on what to tell mail.com support.
I can log into my mail webmail account mail.com, but when clicking to access my inbox to view my mail, this message appears:
"Blocked by Content Security Policy
This page has a content security policy that prevents it from being loaded in this way.
Firefox prevented this page from loading in this way because the page has a content security policy that disallows it."
Am I correct in assuming that the site in question is responsible for setting their own CSP, so they seem to have gotten something mixed up?
I have tested with all add on disabled as well. I found that the issue happens on Firefox 25.0.1, released 2014, (I cannot to due to add on compatibility) but does not happen on latest browser version so I am puzzled how can a Content Security Policy (CSP) rule be browser VERSION dependent?
Their support email just feeds me the "upgrade your browser" but is this not a bad CSP rule they can fix?
If mail.com will not help me can I disable CSP just for this site (not globally) in the browser - is there an add on that I can use to work around there unhelpful email support?
Bewerkt door Scott op
Alle antwoorden (3)
Start Firefox in Safe Mode to check if one of the extensions (Firefox menu button/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem.
- Switch to the DEFAULT theme: Firefox menu button/Tools > Add-ons > Appearance
- Do NOT click the Reset button on the Safe Mode start window
- https://support.mozilla.org/kb/Safe+Mode
- https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes
Boot the computer in Windows Safe Mode with network support (press F8 on the boot screen) to see if that helps.
Bewerkt door cor-el op
Skip said
.. I have tested with all add on disabled as well. ..
I have tested in safe mode (holding shift key down when Firefox starts). It made no difference. Using the OS in safe mode made no difference.
Skip said
I found that the issue happens on Firefox 25.0.1, released 2014, (I cannot to due to add on compatibility) but does not happen on latest browser version so I am puzzled how can a Content Security Policy (CSP) rule be browser VERSION dependent?
It's certainly possible there was a bug in the implementation of CSP in that version which was fixed later.
What kind of add-on doesn't work in Firefox 26 and later? (It's a security risk to use such an out-of-date version of Firefox.)