Questo sito potrebbe offrire funzionalità limitate durante le operazioni di manutenzione per migliorare l'esperienza utente. Se un articolo non risolve il tuo problema e vuoi richiedere supporto, la nostra comunità di supporto è pronta ad aiutarti tramite @FirefoxSupport su Twitter e /r/firefox su Reddit.

Cerca nel supporto

Attenzione alle mail truffa. Mozilla non chiederà mai di chiamare o mandare messaggi a un numero di telefono o di inviare dati personali. Segnalare qualsiasi attività sospetta utilizzando l'opzione “Segnala abuso”.

Ulteriori informazioni

Questa discussione è archiviata. Inserire una nuova richiesta se occorre aiuto.

What is Mozilla doing about Twitter embedded videos violating CSP?

more options

Twitter embedded video do not work on Firefox or Microsoft Edge because the embedded player violates the Content Security Policy (CSP). Twitter embedded videos do work on Google Chrome.

1. Are Mozilla actively pursuing the Twitter to remedy this issue for non-Chrome browsers? 2. Does Google Chrome implement CSP differently to Firefox and Edge?

Twitter embedded video do not work on Firefox or Microsoft Edge because the embedded player violates the Content Security Policy (CSP). Twitter embedded videos do work on Google Chrome. 1. Are Mozilla actively pursuing the Twitter to remedy this issue for non-Chrome browsers? 2. Does Google Chrome implement CSP differently to Firefox and Edge?

Tutte le risposte (6)

more options

Can you give a link to an example of where the problem occurs?

I'm not aware of a way to ignore CSP on a site-by-site basis, but an extension might be able remove those headers so that Firefox can't obey them. (Adding CSP headers is one way extensions control the kinds of content loaded into the page.)

more options

jscher2000 said

Can you give a link to an example of where the problem occurs? I'm not aware of a way to ignore CSP on a site-by-site basis, but an extension might be able remove those headers so that Firefox can't obey them. (Adding CSP headers is one way extensions control the kinds of content loaded into the page.)

For me it happens on any site where there is a embedded twitter video.

This page for example

https://www.theringer.com/nfl/2017/9/7/16270156/the-ringer-fantasy-football-draft-oral-history

It has an embedded Twitter video half way down. On pressing play it gives a black screen with text "the media cannot be played" and reports a CSP error

||twitter.com/i/csp_report? -- csp_report https://twitter.com/i/csp_report?a=NVQWGYLXFVYGYYLZMFRGYZJNNVSWI2LB&ro=false

If I disable CSP in about:config (toggle security.csp.enable to False) the video will play.

I have seen this happen on several websites using Firefox. It doesn't happen on Chrome. IDK if Firefox is doing something wrong, if Twitter is doing something wrong or Chrome is doing something wrong.

more options

I'm up to date on the Beta channel

Firefox 58.0b12 (64-bit)

more options

I confirmed the problem with the player on https://www.theringer.com/nfl/2017/9/7/16270156/the-ringer-fantasy-football-draft-oral-history

My download manager did find a 'stream' that I downloaded. A 2-minute clip. No issues playing the downloaded file.

more options

Some threads about Twitter:

more options

Hmm, if you open the Web Console in the lower part of the tab (Ctrl+Shift+k), then right-click the black video-fail rectangle, click This Frame, click Show Only This Frame: you get a new page on https://twitter.com/ that gives the same CSP errors. So it seems to be something internal to the embedded player page that is incompatible with Firefox.