#105 Can't delete uploads on Safari

Suljettu
8 kuukautta sitten avasi dmz · 13 kommenttia

Can’t delete uploads (Safari 11.1.2, OS X El Capitan 10.11.6). When I click on the Delete button, nothing happens, just outputs an error to the console.

Can't delete uploads (Safari 11.1.2, OS X El Capitan 10.11.6). When I click on the `Delete` button, nothing happens, just outputs an error to the console.
Uncled1023 commented 8 kuukautta sitten
Omistaja

Interesting… It seems like Safari doesn’t like my CSP settings.

Interesting... It seems like Safari doesn't like my CSP settings.
Uncled1023 added the
Bug
label 8 kuukautta sitten
Uncled1023 commented 8 kuukautta sitten
Omistaja

So looks to be because the JS isn’t passing the auth correctly. Will need to figure out what to do about that

So looks to be because the JS isn't passing the auth correctly. Will need to figure out what to do about that
Uncled1023 commented 8 kuukautta sitten
Omistaja

@dmz this should be fixed now.

@dmz this should be fixed now.
dmz commented 8 kuukautta sitten
Tekijä

No, I’m afraid it’s still the same…

[Error] Unrecognized Content-Security-Policy directive 'worker-src'.

[Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (ServiceData, line 0)
[Error] Error: Syntax error, unrecognized expression: #uploads [id="8gaTQ.png"
	error (common.min.js:1:12920)
	select (common.min.js:1:21689)
	find (common.min.js:1:24250)
	init (common.min.js:1:24739)
	x (common.min.js:1:898)
	(anonymous function) (user.serviceData.min.js:1:914)
	dispatch (common.min.js:1:41533)
[Error] Error: Syntax error, unrecognized expression: #uploads [id="ChHZ5.pdf"
	error (common.min.js:1:12920)
	select (common.min.js:1:21689)
	find (common.min.js:1:24250)
	init (common.min.js:1:24739)
	x (common.min.js:1:898)
	(anonymous function) (user.serviceData.min.js:1:914)
	dispatch (common.min.js:1:41533)
No, I'm afraid it's still the same... ``` [Error] Unrecognized Content-Security-Policy directive 'worker-src'. [Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (ServiceData, line 0) [Error] Error: Syntax error, unrecognized expression: #uploads [id="8gaTQ.png" error (common.min.js:1:12920) select (common.min.js:1:21689) find (common.min.js:1:24250) init (common.min.js:1:24739) x (common.min.js:1:898) (anonymous function) (user.serviceData.min.js:1:914) dispatch (common.min.js:1:41533) [Error] Error: Syntax error, unrecognized expression: #uploads [id="ChHZ5.pdf" error (common.min.js:1:12920) select (common.min.js:1:21689) find (common.min.js:1:24250) init (common.min.js:1:24739) x (common.min.js:1:898) (anonymous function) (user.serviceData.min.js:1:914) dispatch (common.min.js:1:41533) ```
Uncled1023 commented 8 kuukautta sitten
Omistaja

Hmm, I think it’s because Safari doesn’t recognize ‘worker-src’ and is therefore ignoring the nonce/etc.

I’ll have to find a way to test this, as I don’t have safari myself.

Hmm, I think it's because Safari doesn't recognize 'worker-src' and is therefore ignoring the nonce/etc. I'll have to find a way to test this, as I don't have safari myself.
dmz commented 8 kuukautta sitten
Tekijä

I just found the Mozilla page for CSP: worker-src and it says there’s no support for Safari so this is indeed a browser related issue.

I just found the Mozilla page for [CSP: worker-src](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src) and it says there's [no support for Safari](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src#Browser_compatibility) so this is indeed a browser related issue.
dmz changed title from Can't delete uploads to Can't delete uploads on Safari 8 kuukautta sitten
dmz commented 8 kuukautta sitten
Tekijä

Maybe I should close this one, since the obvious solution is for Safari to catch up, no?

Maybe I should close this one, since the obvious solution is for Safari to catch up, no?
Uncled1023 commented 8 kuukautta sitten
Omistaja

Sadly I think that may be the case. I need the worker-src for the different background workers that come up across the site. Maybe one day I can make it not need that, but until then, this is inevitable.

Just curious, are you able to do client side file encryption in safari?

Sadly I think that may be the case. I need the worker-src for the different background workers that come up across the site. Maybe one day I can make it not need that, but until then, this is inevitable. Just curious, are you able to do client side file encryption in safari?
dmz commented 8 kuukautta sitten
Tekijä

Just curious, are you able to do client side file encryption in safari?

That’s a good question since I never tried it before so, I just tried it on a small upload (png image or text file) and the progress bar gets stuck on 100% with the “Loading” message and just freezes there. The upload never finishes. Can’t cancel it on the (X) button, as well.

> Just curious, are you able to do client side file encryption in safari? That's a good question since I never tried it before so, I just tried it on a small upload (png image or text file) and the progress bar gets stuck on 100% with the "Loading" message and just freezes there. The upload never finishes. Can't cancel it on the (X) button, as well.
Uncled1023 commented 8 kuukautta sitten
Omistaja

Any errors in the console?

Any errors in the console?
dmz commented 8 kuukautta sitten
Tekijä

Yeah, forgot to look. Here it is:

[Error] Unrecognized Content-Security-Policy directive 'worker-src'.

[Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (upload.teknik.io, line 0, x2)
[Error] Refused to load blob:https://upload.teknik.io/92bfca5d-8b70-49eb-961e-f76c2a40f3b4 because it appears in neither the child-src directive nor the default-src directive of the Content Security Policy.
[Error] SecurityError: The operation is insecure.
    (anonymous function) (upload.min.js:1:61637)
    (anonymous function) (upload.min.js:1:61637)
Yeah, forgot to look. Here it is: ``` [Error] Unrecognized Content-Security-Policy directive 'worker-src'. [Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (upload.teknik.io, line 0, x2) [Error] Refused to load blob:https://upload.teknik.io/92bfca5d-8b70-49eb-961e-f76c2a40f3b4 because it appears in neither the child-src directive nor the default-src directive of the Content Security Policy. [Error] SecurityError: The operation is insecure. (anonymous function) (upload.min.js:1:61637) (anonymous function) (upload.min.js:1:61637) ```
Uncled1023 commented 8 kuukautta sitten
Omistaja

Yea, so the old way is to use child-src, but now it’s worker-src. Sadly, while you can use child-src, chrome doesn’t listen to it anymore. And if I include worker-src, I think it just breaks the entire policy in safari.

Yea, so the old way is to use child-src, but now it's worker-src. Sadly, while you can use child-src, chrome doesn't listen to it anymore. And if I include worker-src, I think it just breaks the entire policy in safari.
dmz commented 8 kuukautta sitten
Tekijä

The eternal battle of the browsers. It’s OK, I don’t use the upload feature much, I just like to report bugs as I find them because I just care about Teknik as a whole. Maybe in the future, it gets fixed by itself, when browsers stop being so stubborn.

Closing for now.

The eternal battle of the browsers. It's OK, I don't use the upload feature much, I just like to report bugs as I find them because I just care about Teknik as a whole. Maybe in the future, it gets fixed by itself, when browsers stop being so stubborn. Closing for now.
Sign in to join this conversation.
Ei merkkipaalua
No Assignees
2 osallistujaa
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
Peruuta
Tallenna
Sisältöä ei vielä ole.