Forum on Firefox 96 - icons don't display

Hi I can’t see grey icons on this forum on Firefox 96. Chrome looks OK.

I tried the same browser and the icons work for me. What are those add-ons that you’ve got showing in the top right? Does it look correct if you disable those (e.g. start a private browsing window)?

Edit 1: Hmm, though having said that I’ve just tried a second time and this time I see the same as you…

Edit 2: I’ve done a bit more debugging, it seems that chrome and firefox are interpreting the Content-Security-Policy slightly differently. The icons (and a number of other JavaScript files) are initially referenced at a URL permitted by the policy, but that URL redirects to a different URL which the policy does not cover. Chrome seems to allow it because the original URL is permitted by the policy, Firefox forbids it because the redirected target is not permitted explicitly.

The fix would be to change the CSP to include the redirected locations - @QFSupport how does this work, is the CSP something you can control or is that fixed by Discourse?

Morning @awariat and @ian_roberts

I don’t believe this is something we can control, but we’ve asked the question to try and get this resolved.

Will keep you posted

It may also be an issue at the CDN, if qfcommunity.b-cdn.net would normally serve the resources directly but it has lost them for some reason and switched to redirecting to the original community.quickfile.co.uk location.

I have the same issue with Firefox and have to use Chrome when on the community forum.

Content Security Policy: The page’s settings blocked the loading of a resource at https://community.quickfile.co.uk/theme-javascripts/b9a77896c605f1e78d8a9081a5438db15133f382.js?__ws=community.quickfile.co.uk (“script-src”).

Morning

Is this still happening on Firefox? Some changes were made earlier this week which should have resolved this.

It looks like it is working now

1 Like

Not on mine:( Not on mine:(
Ok it is working on private window:)

Hi @awariat

It might be worth you clearing the cache on your browser. Hopefully this will allow it to work in a regular window, not just a private one.

Indeed, when the problem started the CDN was doing a 301 redirect, which any well-behaved browser should cache indefinitely since it means the resource has moved permanently and is never coming back…

This topic was automatically closed after 7 days. New replies are no longer allowed.