Ce site disposera de fonctionnalités limitées pendant que nous effectuons des opérations de maintenance en vue de vous proposer un meilleur service. Si un article ne règle pas votre problème et que vous souhaitez poser une question, notre communauté d’assistance est prête à vous répondre via @FirefoxSupport sur Twitter, et /r/firefox sur Reddit.

Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

En savoir plus

What is Mozilla doing about Twitter embedded videos violating CSP?

more options

Twitter embedded video do not work on Firefox or Microsoft Edge because the embedded player violates the Content Security Policy (CSP). Twitter embedded videos do work on Google Chrome.

1. Are Mozilla actively pursuing the Twitter to remedy this issue for non-Chrome browsers? 2. Does Google Chrome implement CSP differently to Firefox and Edge?

Twitter embedded video do not work on Firefox or Microsoft Edge because the embedded player violates the Content Security Policy (CSP). Twitter embedded videos do work on Google Chrome. 1. Are Mozilla actively pursuing the Twitter to remedy this issue for non-Chrome browsers? 2. Does Google Chrome implement CSP differently to Firefox and Edge?

Toutes les réponses (6)

more options

Can you give a link to an example of where the problem occurs?

I'm not aware of a way to ignore CSP on a site-by-site basis, but an extension might be able remove those headers so that Firefox can't obey them. (Adding CSP headers is one way extensions control the kinds of content loaded into the page.)

more options

jscher2000 said

Can you give a link to an example of where the problem occurs? I'm not aware of a way to ignore CSP on a site-by-site basis, but an extension might be able remove those headers so that Firefox can't obey them. (Adding CSP headers is one way extensions control the kinds of content loaded into the page.)

For me it happens on any site where there is a embedded twitter video.

This page for example

https://www.theringer.com/nfl/2017/9/7/16270156/the-ringer-fantasy-football-draft-oral-history

It has an embedded Twitter video half way down. On pressing play it gives a black screen with text "the media cannot be played" and reports a CSP error

||twitter.com/i/csp_report? -- csp_report https://twitter.com/i/csp_report?a=NVQWGYLXFVYGYYLZMFRGYZJNNVSWI2LB&ro=false

If I disable CSP in about:config (toggle security.csp.enable to False) the video will play.

I have seen this happen on several websites using Firefox. It doesn't happen on Chrome. IDK if Firefox is doing something wrong, if Twitter is doing something wrong or Chrome is doing something wrong.

more options

I'm up to date on the Beta channel

Firefox 58.0b12 (64-bit)

more options

I confirmed the problem with the player on https://www.theringer.com/nfl/2017/9/7/16270156/the-ringer-fantasy-football-draft-oral-history

My download manager did find a 'stream' that I downloaded. A 2-minute clip. No issues playing the downloaded file.

more options

Some threads about Twitter:

more options

Hmm, if you open the Web Console in the lower part of the tab (Ctrl+Shift+k), then right-click the black video-fail rectangle, click This Frame, click Show Only This Frame: you get a new page on https://twitter.com/ that gives the same CSP errors. So it seems to be something internal to the embedded player page that is incompatible with Firefox.