Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Trang web này sẽ có chức năng hạn chế trong khi chúng tôi trải qua bảo trì để cải thiện trải nghiệm của bạn. Nếu một bài viết không giải quyết được vấn đề của bạn và bạn muốn đặt câu hỏi, chúng tôi có cộng đồng hỗ trợ của chúng tôi đang chờ để giúp bạn tại @FirefoxSupport trên Twitter và /r/firefox trên Reddit.

Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Tìm hiểu thêm

What is Mozilla doing about Twitter embedded videos violating CSP?

more options

Twitter embedded video do not work on Firefox or Microsoft Edge because the embedded player violates the Content Security Policy (CSP). Twitter embedded videos do work on Google Chrome.

1. Are Mozilla actively pursuing the Twitter to remedy this issue for non-Chrome browsers? 2. Does Google Chrome implement CSP differently to Firefox and Edge?

Twitter embedded video do not work on Firefox or Microsoft Edge because the embedded player violates the Content Security Policy (CSP). Twitter embedded videos do work on Google Chrome. 1. Are Mozilla actively pursuing the Twitter to remedy this issue for non-Chrome browsers? 2. Does Google Chrome implement CSP differently to Firefox and Edge?

Tất cả các câu trả lời (6)

more options

Can you give a link to an example of where the problem occurs?

I'm not aware of a way to ignore CSP on a site-by-site basis, but an extension might be able remove those headers so that Firefox can't obey them. (Adding CSP headers is one way extensions control the kinds of content loaded into the page.)

more options

jscher2000 said

Can you give a link to an example of where the problem occurs? I'm not aware of a way to ignore CSP on a site-by-site basis, but an extension might be able remove those headers so that Firefox can't obey them. (Adding CSP headers is one way extensions control the kinds of content loaded into the page.)

For me it happens on any site where there is a embedded twitter video.

This page for example

https://www.theringer.com/nfl/2017/9/7/16270156/the-ringer-fantasy-football-draft-oral-history

It has an embedded Twitter video half way down. On pressing play it gives a black screen with text "the media cannot be played" and reports a CSP error

||twitter.com/i/csp_report? -- csp_report https://twitter.com/i/csp_report?a=NVQWGYLXFVYGYYLZMFRGYZJNNVSWI2LB&ro=false

If I disable CSP in about:config (toggle security.csp.enable to False) the video will play.

I have seen this happen on several websites using Firefox. It doesn't happen on Chrome. IDK if Firefox is doing something wrong, if Twitter is doing something wrong or Chrome is doing something wrong.

more options

I'm up to date on the Beta channel

Firefox 58.0b12 (64-bit)

more options

I confirmed the problem with the player on https://www.theringer.com/nfl/2017/9/7/16270156/the-ringer-fantasy-football-draft-oral-history

My download manager did find a 'stream' that I downloaded. A 2-minute clip. No issues playing the downloaded file.

more options

Some threads about Twitter:

more options

Hmm, if you open the Web Console in the lower part of the tab (Ctrl+Shift+k), then right-click the black video-fail rectangle, click This Frame, click Show Only This Frame: you get a new page on https://twitter.com/ that gives the same CSP errors. So it seems to be something internal to the embedded player page that is incompatible with Firefox.