
Website not working with firefox on multiple computers

  • 5 replies
  • 2 have this problem
  • 1 view
  • Last reply by cor-el


I have a website (https://discinsights.com). It works on other browsers but not in Firefox. I cannot figure out why.

It is crashing somewhere in the SSL/TLS process. In the network tab of the developer tools I can see the request and it stops during the TLS Setup phase, but it gets the SSL Cert.

I am running the site with Nginx 1.13.3, OpenSSL 1.1.0f, and certs signed by Let's Encrypt. At first I thought it was an OCSP must-staple issue. I re-issued the certs without must-staple, and then disabled the stapling in nginx, and it still won't load.

It stops at blank page. Whatever was there before is still the dominant page and reload clears out the url and loads the old page.

This happens on v49 (windows), v56.0 (32-bit) on windows 10, and v56.0.1 on OSX High Sierra.

The site is a Magento v2.1.8 store, but I doubt that is the issue since it's not even getting to that point in the loading process.

The webserver is reporting a 200 status in the log.

   173.239.230.43 - - [25/Oct/2017:09:05:58 -0400] "GET / HTTP/2.0" 200 20120 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0" "-"
   24.154.8.253 - - [25/Oct/2017:09:08:00 -0400] "GET / HTTP/2.0" 200 20120 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:56.0) Gecko/20100101 Firefox/56.0" "-"

I am at a complete loss here as to why it is not working. Any help would be appreciated!

The odd thing is I have another web site (https://free.peoplekeys.com) on a separate server, set up the same way (differences: php v7.1 and nginx 1.13.2 instead of php v7.0 and nginx 1.13.3) and it works fine in Firefox. Also from Let's Encrypt. On that one OCSP must-staple and nginx stapling are enabled, no problems.



All Replies (5)


I don't see any explanation for it in Firefox. You could try some HTTP Logging to see whether you notice a difference between the two sites. The output is very verbose...

https://developer.mozilla.org/docs/Mozilla/Debugging/HTTP_logging


I just updated both servers. They are now both running

nginx 1.13.6 Openssl 1.1.0f

reissued the certs and turned off must staple on both.

I will see if I can glean anything from that HTTP_logging link.


Chosen solution

Well, that led me to the issue and fix for sure!

I noticed it got as far as processing the response headers in the logging (but didn't display them in the inspector tools). So I suspected the issue was there.

I saw this right after my CSP header was processed, and I suspected it was with my CSP headers.

   [Socket Thread]: I/nsHttp Http2Stream::ConvertResponseHeaders 0x12978f360 decode Error

I removed them from my config and sure enough it worked.

My CSP was multi-line, I removed the line breaks and added it back to my config and it worked.

So Firefox will not correctly handle or fail gracefully on a multi-line CSP.

Broken:

   add_header Content-Security-Policy "
       default-src 'self' *.google.com *.youtube.com *.facebook.com *.fonts.google.com *.fonts.googleapis.com *.google-analytics.com *.googleapis.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net *.imgur.com *.500px.com www.reddit.com www.flickr.com c1.staticflickr.com maxcdn.bootstrapcdn.com code.ionicframework.com cdn.fontawesome.com;
       script-src 'self' 'unsafe-inline' 'unsafe-eval' *.discinsights.com *.google-analytics.com ajax.googleapis.com *.facebook.net *.facebook.com *.addthis.com *.zoho.com *.zohostatic.com *.addthisedge.com *.braintreegateway.com www.vimeo.com vimeo.com *.vimeocdn.com;
       style-src 'self' 'unsafe-inline' *.discinsights.com *.googleapis.com *.zoho.com *.zohostatic.com *.zohopublic.com;
       img-src 'self' *.discinsights.com *.google-analytics.com *.facebook.com *.doubleclick.net *.google.com *.paypalobjects.com *.vimeocdn.com data:;
       connect-src 'self' *.discinsights.com *.facebook.com *.zoho.com *.zohopublic.com *.addthis.com wss://vts.zohopublic.com;
       font-src 'self' *.discinsights.com themes.googleusercontent.com fonts.gstatic.com *.zohostatic.com data:;
       object-src 'none';
       media-src 'self';
       form-action 'self' *.discinsights.com *.facebook.com *.zoho.com;
       frame-src *.discinsights.com *.expedia.com *.facebook.com *.zendesk.com *.addthis.com *.braintreegateway.com *.vimeo.com http://*.vimeo.com;
       frame-ancestors *.discinsights.com theholyspirit.com *.peoplekeys.com studentkeys.com;
       report-uri https://peoplekeys.report-uri.io/r/default/csp/enforce;
   " always;

Works:

   add_header Content-Security-Policy "default-src 'self' *.google.com *.youtube.com *.facebook.com *.fonts.google.com *.fonts.googleapis.com *.google-analytics.com *.googleapis.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net *.imgur.com *.500px.com www.reddit.com www.flickr.com c1.staticflickr.com maxcdn.bootstrapcdn.com code.ionicframework.com cdn.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.discinsights.com *.google-analytics.com ajax.googleapis.com *.facebook.net *.facebook.com *.addthis.com *.zoho.com *.zohostatic.com *.addthisedge.com *.braintreegateway.com www.vimeo.com vimeo.com *.vimeocdn.com; style-src 'self' 'unsafe-inline' *.discinsights.com *.googleapis.com *.zoho.com *.zohostatic.com *.zohopublic.com; img-src 'self' *.discinsights.com *.google-analytics.com *.facebook.com *.doubleclick.net *.google.com *.paypalobjects.com *.vimeocdn.com data:; connect-src 'self' *.discinsights.com *.facebook.com *.zoho.com *.zohopublic.com *.addthis.com wss://vts.zohopublic.com; font-src 'self' *.discinsights.com themes.googleusercontent.com fonts.gstatic.com *.zohostatic.com data:; object-src 'none'; media-src 'self'; form-action 'self' *.discinsights.com *.facebook.com *.zoho.com; frame-src *.discinsights.com *.expedia.com *.facebook.com *.zendesk.com *.addthis.com *.braintreegateway.com *.vimeo.com http://*.vimeo.com; frame-ancestors *.discinsights.com theholyspirit.com *.peoplekeys.com studentkeys.com; report-uri https://peoplekeys.report-uri.io/r/default/csp/enforce;" always;

The other browsers parse this correctly. I wonder if this is a bug I should file. I mean at least it should fail gracefully.
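Added example, not part of the original thread or of nginx or Firefox: a small Python lint that flags nginx `add_header` directives whose double-quoted value spans several lines, as in the "Broken" config above, and produces the single-line form. HTTP/2 (RFC 7540, section 10.3) requires a message with CR or LF inside a header field value to be treated as malformed. The sample config, the `csp.example.test` report URL and the function name are constructed for illustration.

```python
import re

# Constructed sample: a shortened version of the "Broken" pattern from the thread.
SAMPLE_CONF = '''server {
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header Content-Security-Policy "
        default-src 'self';
        object-src 'none';
        report-uri https://csp.example.test/report;
    " always;
}
'''

# add_header with a double-quoted value; DOTALL lets the value span lines.
ADD_HEADER = re.compile(
    r'add_header\s+(?P<name>[\w-]+)\s+"(?P<value>(?:[^"\\]|\\.)*)"(?P<flags>[^;]*);',
    re.DOTALL,
)


def find_multiline_headers(conf_text):
    """Return (line_number, header_name, single_line_directive) for each
    add_header whose quoted value contains a CR or LF."""
    findings = []
    for m in ADD_HEADER.finditer(conf_text):
        value = m.group("value")
        if "\r" not in value and "\n" not in value:
            continue  # already a single-line value
        line_no = conf_text.count("\n", 0, m.start()) + 1
        # Collapse every whitespace run, line breaks included, to one space.
        flat = " ".join(value.split())
        flags = m.group("flags").rstrip()
        fixed = 'add_header {} "{}"{};'.format(m.group("name"), flat, flags)
        findings.append((line_no, m.group("name"), fixed))
    return findings


if __name__ == "__main__":
    for line_no, name, fixed in find_multiline_headers(SAMPLE_CONF):
        print("line {}: {} value contains line breaks; use:".format(line_no, name))
        print("    " + fixed)
```
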


Yes, please file a bug. You may find when you start entering it that it's a duplicate, so you could search first (although that's often hit-or-miss).

https://bugzilla.mozilla.org/


Bug 1411659 - Issue parsing CSP header