Closed
Bug 886132
Opened 11 years ago
Closed 11 years ago
Disqus comments system on CNN claims that Firefox is not supported
Categories
(Tech Evangelism Graveyard :: English US, defect)
Tech Evangelism Graveyard
English US
Tracking
(firefox23 unaffected, firefox24- affected, firefox25- affected)
RESOLVED
DUPLICATE
of bug 885433
Tracking | Status | |
---|---|---|
firefox23 | --- | unaffected |
firefox24 | - | affected |
firefox25 | - | affected |
People
(Reporter: unghost, Assigned: geekboy)
Details
Attachments
(3 files)
(deleted),
image/png
|
Details | |
(deleted),
image/png
|
Details | |
(deleted),
patch
|
Details | Diff | Splinter Review |
STR:
1) Open http://edition.cnn.com/2013/06/22/politics/nsa-leaks/index.html
Expected results:
Comments are shown as usual
Actual results:
Comments are shown in legacy mode with following comment:
Sorry, the browser you are using is not currently supported. Disqus actively supports the following browsers:
Firefox
Chrome
Internet Explorer 8+
Safari
This page is forcing your browser to use legacy mode, which is not compatible with Disqus. Please see our troubleshooting guide to get more information about this error.
I see a ton of warnings in Firefox error console like:
Warning: Content Security Policy: Directive inline style base restriction violated
Source: http://disqus.com/embed/comments/?f=cnn&t_i=%2F2013%2F06%2F23%2Fpolitics%2Fnsa-leaks%2Findex.html&t_u=http%3A%2F%2Fwww.cnn.com%2F2013%2F06%2F23%2Fpolitics%2Fnsa-leaks%2Findex.html&t_t=WikiLeaks%3A%20Snowden%20arrives%20in%20Moscow&t_e=WikiLeaks%3A%20Snowden%20arrives%20in%20Moscow&t_d=WikiLeaks%3A%20Snowden%20arrives%20in%20Moscow&t_c=207582&s_o=popular&disqus_version=1371773468#3
so probaly it caused some change in Content Security Policy, perhaps Bug 764937
Reporter | ||
Comment 1•11 years ago
|
||
Same error on Disqus test page - http://newsbusters.org/here-test-disqus-page.html
Reporter | ||
Comment 2•11 years ago
|
||
Actually on test page comments are shown twice - first in legacy mode, second in normal mode.
Assignee | ||
Comment 3•11 years ago
|
||
I can't reproduce this in Nightly 24a1 on Mac OS X. Are you using any add-ons that apply a content security policy (like UserCSP)? What version of Firefox are you using, and on which platform?
Reporter | ||
Comment 4•11 years ago
|
||
(In reply to Sid Stamm [:geekboy or :sstamm] from comment #3)
> I can't reproduce this in Nightly 24a1 on Mac OS X. Are you using any
> add-ons that apply a content security policy (like UserCSP)? What version
> of Firefox are you using, and on which platform?
I see it on Nightly 24a1 on 64-bit Linux with new Firefox profile - Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20130624 Firefox/24.0 ID:20130624031040 CSet: 76820c6dff7b
Also I've reproduced it on Nightly 24a1 on Windows XP - Mozilla/5.0 (Windows NT 5.1; rv:24.0) Gecko/20130624 Firefox/24.0
Some people on Mozillazine claim that they have seen it too - http://forums.mozillazine.org/viewtopic.php?p=12929261#p12929261
Comment 5•11 years ago
|
||
I see it too: a warning and two sets of comments. 2013-06-24-03-10-40-mozilla-central-firefox-24.0a1.ru.linux-x86_64
Assignee | ||
Comment 6•11 years ago
|
||
Are you using any add-ons?
Also, can you help me identify the content security policy (since I can't reproduce it myself)? It will be sent as an HTTP header on one of the HTML documents.
Comment 7•11 years ago
|
||
comment 5 is without any add-ons, with a "temporary profile" created with the external ProfileManager.
Reporter | ||
Comment 8•11 years ago
|
||
(In reply to Sid Stamm [:geekboy or :sstamm] from comment #6)
> Are you using any add-ons?
No.
> Also, can you help me identify the content security policy (since I can't
> reproduce it myself)? It will be sent as an HTTP header on one of the HTML
> documents.
Probably this header (taken from Firefox network console):
Vary: Accept-Encoding
Surrogate-Control: max-age=5
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Date: Mon, 24 Jun 2013 18:09:49 GMT
Content-Type: text/html; charset=utf-8
content-security-policy: script-src 'unsafe-eval' 'self' *.disqus.com:* *.google-analytics.com:* *.scorecardresearch.com:*
Content-Length: 3297
Content-Encoding: gzip
Connection: close
Cache-Control: no-cache, public, must-revalidate
Accept-Ranges: bytes
Reporter | ||
Comment 9•11 years ago
|
||
I also can reproduce it on http://www.gossipcop.com/
Comment 10•11 years ago
|
||
Reproduces for me on Nightly 24.0a1 (2013-06-23) on Windows 7. Does not reproduce for me on Aurora 23.0a2 (2013-06-24). Fresh profiles in both cases. I looked at the requests going to disqus.com but didn't actually see any CSP headers...
Comment 11•11 years ago
|
||
Ah, good work finding the CSP header, Alexander, thanks !
What may be happening here is that Disqus isn't expecting the style blocking to be happening if they don't provide a style-src or default-src directive. That's bug 885433.
Reporter | ||
Comment 12•11 years ago
|
||
Requesting for tracking Firefox 24 and 25. Disqus is very popular online discussion and commenting service for websites ( http://en.wikipedia.org/wiki/Disqus ) and it would be quite bad to leave it broken for users.
Disqus support claims that they support only Firefox release builds, but not nightly builds - https://twitter.com/disqushelp/status/349587272670248961
tracking-firefox24:
--- → ?
tracking-firefox25:
--- → ?
Reporter | ||
Comment 13•11 years ago
|
||
FWIW this user ( https://twitter.com/disqushelp/status/349587272670248961 ) claims that he doesn't see any issues in Firefox Nightly on Mac. Sid hadn't seen any issues on Mac OS X too.
Perhaps this bug is Windows/Linux only.
Comment 14•11 years ago
|
||
(In reply to Alexander L. Slovesnik from comment #13)
I can definitely reproduce on Mac.
Comment 15•11 years ago
|
||
Hi, I'm Using Firefox Nightly on Mac, But I'm facing the issues.
I'm unable to comment using DIsqus.
System Info : MAC OS X 10.8.4
Comment 16•11 years ago
|
||
Updated•11 years ago
|
status-firefox23:
--- → unaffected
status-firefox24:
--- → affected
status-firefox25:
--- → affected
Comment 17•11 years ago
|
||
(In reply to Ian Melven :imelven from comment #11)
> Ah, good work finding the CSP header, Alexander, thanks !
>
> What may be happening here is that Disqus isn't expecting the style blocking
> to be happening if they don't provide a style-src or default-src directive.
> That's bug 885433.
Hey Ian, is Bug 885433 going to be the right fix from our side to resolve the issue ?
Comment 18•11 years ago
|
||
(In reply to bhavana bajaj [:bajaj] from comment #17)
> (In reply to Ian Melven :imelven from comment #11)
> > Ah, good work finding the CSP header, Alexander, thanks !
> >
> > What may be happening here is that Disqus isn't expecting the style blocking
> > to be happening if they don't provide a style-src or default-src directive.
> > That's bug 885433.
>
> Hey Ian, is Bug 885433 going to be the right fix from our side to resolve
> the issue ?
that's my impression right now based on Alexander's information in comment 8, but I haven't looked too deeply at what's going on. Btw, grobinson mentioned to me earlier today he's looking at bug 885433.
Assignee | ||
Comment 19•11 years ago
|
||
Yeah, looks like bug 885433 should fix this issue. I whipped up a hacky fix that allows inline-styles by default but disallows them when style-src is present (without the unsafe-inline keyword). Seems to fix the problem, but not sure it's the right way forward. What do you think, garrett?
Assignee: english-us → sstamm
Attachment #768080 -
Flags: feedback?(grobinson)
Comment 20•11 years ago
|
||
Hi,
One of the Nightly Tester Mentioned Disqus works fine on 10.7.5 on all Firefox browsers even Nightly and Aurora"
Comment 21•11 years ago
|
||
Same error on www.geforce.com (example http://www.geforce.com/whats-new/articles/introducing-the-geforce-gtx-760#disqus_thread)
in Nightly 25.0a1 (2013-06-26), Windows 8 Pro
Comment 22•11 years ago
|
||
I have the issues on Mac and Linux. all running the greatest and latest nightly.
Comment 23•11 years ago
|
||
Garrett is working on a fix for 885433 that should take care of this based on Sid's experiment in comment 19, we had to divert briefly to fix bug 887974 which his work uncovered.
Comment 24•11 years ago
|
||
In https://bugzilla.mozilla.org/show_bug.cgi?id=885433#c5 Garrett says his patch fixes the issue with Disqus so duping this to that.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Updated•11 years ago
|
Attachment #768080 -
Flags: feedback?(grobinson)
Updated•10 years ago
|
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•