When having "Content Security Policy" active on my 2 websites, Firefox don't work, but my site work with all the other browsers, except firefox.
I run a few websites, in the NGINX settings you can create a directive to include "Content Security Policy". When I have this active my site is working in all the other major browsers, Chrome, Chromium, Safari, Opera, Edge, but NOT in Firefox. When I test my sites on various pentest tools, like https://observatory.mozilla.org/ for example I get A+, A- & A respectively, but when I access my sites on Firefox they don't even load, its so quick, the server just drops the connection when I try to access it with Firefox, there is even nothing in the console to view with Firefox. When I go back to NGINX and comment out the Content Security Policy, all my sites work with Firefox, but that defeats the purpose because now I get F ratings on the pentest tools etc, I have looked at the Content Security Policy pages of Mozilla and its seems the latest version of firefox DO support Content Security Policy. Can you tell me which directives in the CSP does not work with Firefox and is there a workaround.
Krejt Përgjigjet (2)
Can you post a link to a publicly accessible page (i.e. no authentication or signing on required)?