We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Trouble with Content Security Policy (CSP)

  • 1 jibu
  • 3 wana tatizo hili
  • 14 views
  • Last reply by guigs

more options

In the latest Firefox 33 there seem to be an issue with Content Security Policy (CSP) and how it handles url that are url encoded. For instance when some CSP directive is set to like https://mywebsite.com/application/do;jsessiond=1234 - it will get URL encoded so the ; gets replaced by %3B. In Firefox 32 and earlier this worked, but not in this new solution.

In the latest Firefox 33 there seem to be an issue with Content Security Policy (CSP) and how it handles url that are url encoded. For instance when some CSP directive is set to like https://mywebsite.com/application/do;jsessiond=1234 - it will get URL encoded so the ; gets replaced by %3B. In Firefox 32 and earlier this worked, but not in this new solution.

All Replies (1)

more options

It may be that it needs a header application/x-www-form-urlencoded is this included in your url request as well as charset UTF-8?

If you select a different encoding via web dev https://developer.mozilla.org/en-US/d.../encodeURI

This sounds like what it did before? http://www.justarrangingbits.org/fire.../index.html