Site not loading when using ESR due to CSP
One of our vendors websites does not load under Firefox ESR, with errors in the console pointing to CSP. Error is: Content Security Policy: The page's settings blocked the loading of a resource at inline ("default-src")
However if I load the site under the normal Firefox release, it displays correctly. When looking at errors in console, it is showing 3 errors for CSP, however it does not stop the site from working correctly. Content-Security-Policy: The page's settings blocked the loading of a resources at https://..... ("connect-src") or ("img-src")
The site is https://app.approvalmax.com If you get the login screen then the site is working otherwise just getting a green background when it is not working.
I am unsure why ESR and RR versions are behaving differently in this case. Using the latest versions of each.
Athraithe ag chris.foster1 ar
Réiteach roghnaithe
This was fixed by https://bugzilla.mozilla.org/show_bug.cgi?id=1640128 in Firefox 109.
which unfortunately was not backported to the Firefox 102 ESR.
It works in the Firefox 115 ESR which will become the only supported ESR in a month.
I'm checking to see if there is a workaround.
Read this answer in context 👍 1All Replies (4)
Which ESR?
Firefox ESR 102.14.0 I have also tested with older releases of ESR (which are deployed within the organisation) and they are doing the same result.
Réiteach Roghnaithe
This was fixed by https://bugzilla.mozilla.org/show_bug.cgi?id=1640128 in Firefox 109.
which unfortunately was not backported to the Firefox 102 ESR.
It works in the Firefox 115 ESR which will become the only supported ESR in a month.
I'm checking to see if there is a workaround.
Thanks Mike. I have now tested using Firefox 115 ESR in my test VM and confirm that it does work. I'll need to get our team to look at pushing/deploying this through our organisation.