Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Lolu chungechunge lwabekwa kunqolobane. Uyacelwa ubuze umbuzo omusha uma udinga usizo.

When having "Content Security Policy" active on my 2 websites, Firefox don't work, but my site work with all the other browsers, except firefox.

  • 2 uphendule
  • 2 zinale nkinga
  • 1 view
  • Igcine ukuphendulwa ngu dionbeukes

more options

I run a few websites, in the NGINX settings you can create a directive to include "Content Security Policy". When I have this active my site is working in all the other major browsers, Chrome, Chromium, Safari, Opera, Edge, but NOT in Firefox. When I test my sites on various pentest tools, like https://observatory.mozilla.org/ for example I get A+, A- & A respectively, but when I access my sites on Firefox they don't even load, its so quick, the server just drops the connection when I try to access it with Firefox, there is even nothing in the console to view with Firefox. When I go back to NGINX and comment out the Content Security Policy, all my sites work with Firefox, but that defeats the purpose because now I get F ratings on the pentest tools etc, I have looked at the Content Security Policy pages of Mozilla and its seems the latest version of firefox DO support Content Security Policy. Can you tell me which directives in the CSP does not work with Firefox and is there a workaround.

I run a few websites, in the NGINX settings you can create a directive to include "Content Security Policy". When I have this active my site is working in all the other major browsers, Chrome, Chromium, Safari, Opera, Edge, but NOT in Firefox. When I test my sites on various pentest tools, like https://observatory.mozilla.org/ for example I get A+, A- & A respectively, but when I access my sites on Firefox they don't even load, its so quick, the server just drops the connection when I try to access it with Firefox, there is even nothing in the console to view with Firefox. When I go back to NGINX and comment out the Content Security Policy, all my sites work with Firefox, but that defeats the purpose because now I get F ratings on the pentest tools etc, I have looked at the Content Security Policy pages of Mozilla and its seems the latest version of firefox DO support Content Security Policy. Can you tell me which directives in the CSP does not work with Firefox and is there a workaround.

All Replies (2)

more options

Can you post a link to a publicly accessible page (i.e. no authentication or signing on required)?