Lacking feedback / reporting for CSP errors from workers in console
Categories
(Core :: DOM: Security, enhancement, P3)
People
(Reporter: xmo, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-backlog2])
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Steps to reproduce:
Trying to set up a CSP policy for an application, which uses web workers.
Actual results:
When a CSP error occurs in a worker, Firefox only reports that a load error occurs, with no precision or explanation:
Failed to load '<some-url>'. A ServiceWorker passed a promise to FetchEvent.respondWith() that rejected with 'TypeError: NetworkError when attempting to fetch resource.'.
Expected results:
By comparison, Chrome will show a message similar to what both browsers show when the error occurs outside of a worker, including the actual CSP sub-rule which caused the issue:
Refused to connect to '<some-url>' because it violates the following Content Security Policy directive: "connect-src 'self'".
Chrome also provides a traceback of the fetch call.
Hm that formatting is not great and apparently I can edit the table at the top but not the actual description of the issue?
Anyway, that makes trying to debug CSP X workers issues on Firefox nigh impossible, and basically requires Chrome/Chromium, which is frustrating. More generally (but harder to reproduce), Firefox seems to have much less reliable and feature-ful logging from workers to the console. Looking around the devtools/toolbox options didn't turn up anything which looked related to interactions between console/logging and workers.
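An added example, not part of the bug report and not Firefox or Chrome code: an offline check that names the directive that would block a worker's fetch, worded like the Chrome message quoted above. The function names and the sample policy and URLs are constructed; it models only a simplified subset of CSP source matching (http(s) URLs, `'self'`, `*`, scheme and host sources, paths ignored).

```javascript
// Added example: simplified connect-src evaluation for http(s) URLs only.
const DEFAULT_PORT = { http: "80", https: "443" };

// Parse a policy string into a Map: directive name -> list of source tokens.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored; the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Does one source expression allow `url`? `self` is the worker script's URL.
function sourceMatches(source, url, self) {
  const scheme = url.protocol.slice(0, -1);
  if (!(scheme in DEFAULT_PORT)) return false; // out of scope for this sketch
  if (source.toLowerCase() === "'self'") return url.origin === self.origin;
  if (source === "*") return true;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return source.toLowerCase() === url.protocol;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:']+)(?::(\d+|\*))?(?:\/.*)?$/i.exec(source);
  if (!m) return false; // 'none', nonces, hashes and other keywords never match a URL
  const [, srcScheme = self.protocol.slice(0, -1), srcHost, srcPort] = m;
  const s = srcScheme.toLowerCase(), h = srcHost.toLowerCase();
  // An http source also matches https; other upgrade rules are not modelled.
  const schemeOk = s === scheme || (s === "http" && scheme === "https");
  // "*.example.com" matches subdomains only, never example.com itself.
  const hostOk = h === "*" || (h.startsWith("*.") ? url.hostname.endsWith(h.slice(1)) : url.hostname === h);
  // No port in the source means the URL must use its scheme's default port.
  const portOk = srcPort === "*" || (srcPort ? srcPort === (url.port || DEFAULT_PORT[scheme]) : url.port === "");
  return schemeOk && hostOk && portOk;
}

// fetch() is governed by connect-src, falling back to default-src.
function checkConnect(policy, target, workerUrl) {
  const directives = parsePolicy(policy);
  const name = directives.has("connect-src") ? "connect-src" : "default-src";
  const sources = directives.get(name);
  if (!sources) return { allowed: true, message: null };
  const self = new URL(workerUrl), url = new URL(target, self);
  const allowed = sources.some((src) => sourceMatches(src, url, self));
  const message = allowed ? null :
    `Refused to connect to '${url.href}' because it violates the following ` +
    `Content Security Policy directive: "${name} ${sources.join(" ")}".`;
  return { allowed, message };
}

// Constructed policy and URLs, for illustration only.
console.log(checkConnect("connect-src 'self'", "https://api.other.example/data", "https://app.example/sw.js").message);
```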
Comment 2•3 years ago
The Bugbug bot thinks this bug should belong to the 'Core::DOM: Security' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.