We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

En savoir plus

When having "Content Security Policy" active on my 2 websites, Firefox don't work, but my site work with all the other browsers, except firefox.

  • 2 réponses
  • 2 ont ce problème
  • 1 vue
  • Dernière réponse par dionbeukes

more options

I run a few websites, in the NGINX settings you can create a directive to include "Content Security Policy". When I have this active my site is working in all the other major browsers, Chrome, Chromium, Safari, Opera, Edge, but NOT in Firefox. When I test my sites on various pentest tools, like https://observatory.mozilla.org/ for example I get A+, A- & A respectively, but when I access my sites on Firefox they don't even load, its so quick, the server just drops the connection when I try to access it with Firefox, there is even nothing in the console to view with Firefox. When I go back to NGINX and comment out the Content Security Policy, all my sites work with Firefox, but that defeats the purpose because now I get F ratings on the pentest tools etc, I have looked at the Content Security Policy pages of Mozilla and its seems the latest version of firefox DO support Content Security Policy. Can you tell me which directives in the CSP does not work with Firefox and is there a workaround.

I run a few websites, in the NGINX settings you can create a directive to include "Content Security Policy". When I have this active my site is working in all the other major browsers, Chrome, Chromium, Safari, Opera, Edge, but NOT in Firefox. When I test my sites on various pentest tools, like https://observatory.mozilla.org/ for example I get A+, A- & A respectively, but when I access my sites on Firefox they don't even load, its so quick, the server just drops the connection when I try to access it with Firefox, there is even nothing in the console to view with Firefox. When I go back to NGINX and comment out the Content Security Policy, all my sites work with Firefox, but that defeats the purpose because now I get F ratings on the pentest tools etc, I have looked at the Content Security Policy pages of Mozilla and its seems the latest version of firefox DO support Content Security Policy. Can you tell me which directives in the CSP does not work with Firefox and is there a workaround.

Toutes les réponses (2)

more options

Can you post a link to a publicly accessible page (i.e. no authentication or signing on required)?