CSP rule depends on browser
I need some advice on what to tell mail.com support.
I can log into my mail webmail account mail.com, but when clicking to access my inbox to view my mail, this message appears:
"Blocked by Content Security Policy
This page has a content security policy that prevents it from being loaded in this way.
Firefox prevented this page from loading in this way because the page has a content security policy that disallows it."
Am I correct in assuming that the site in question is responsible for setting their own CSP, so they seem to have gotten something mixed up?
I have tested with all add on disabled as well. I found that the issue happens on Firefox 25.0.1, released 2014, (I cannot to due to add on compatibility) but does not happen on latest browser version so I am puzzled how can a Content Security Policy (CSP) rule be browser VERSION dependent?
Their support email just feeds me the "upgrade your browser" but is this not a bad CSP rule they can fix?
If mail.com will not help me can I disable CSP just for this site (not globally) in the browser - is there an add on that I can use to work around there unhelpful email support?
Gewysig op
All Replies (3)
Start Firefox in Safe Mode to check if one of the extensions (Firefox menu button/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem.
- Switch to the DEFAULT theme: Firefox menu button/Tools > Add-ons > Appearance
- Do NOT click the Reset button on the Safe Mode start window
- https://support.mozilla.org/kb/Safe+Mode
- https://support.mozilla.org/kb/Troubleshooting+extensions+and+themes
Boot the computer in Windows Safe Mode with network support (press F8 on the boot screen) to see if that helps.
Gewysig op
Skip said
.. I have tested with all add on disabled as well. ..
I have tested in safe mode (holding shift key down when Firefox starts). It made no difference. Using the OS in safe mode made no difference.
Skip said
I found that the issue happens on Firefox 25.0.1, released 2014, (I cannot to due to add on compatibility) but does not happen on latest browser version so I am puzzled how can a Content Security Policy (CSP) rule be browser VERSION dependent?
It's certainly possible there was a bug in the implementation of CSP in that version which was fixed later.
What kind of add-on doesn't work in Firefox 26 and later? (It's a security risk to use such an out-of-date version of Firefox.)