#105 Can't delete uploads on Safari

Fermé
créé il y a 10 mois par dmz · 13 commentaires
dmz a commenté il y a 10 mois

Can’t delete uploads (Safari 11.1.2, OS X El Capitan 10.11.6). When I click on the Delete button, nothing happens, just outputs an error to the console.

Can't delete uploads (Safari 11.1.2, OS X El Capitan 10.11.6). When I click on the `Delete` button, nothing happens, just outputs an error to the console.
Uncled1023 a commenté il y a 10 mois
Propriétaire

Interesting… It seems like Safari doesn’t like my CSP settings.

Interesting... It seems like Safari doesn't like my CSP settings.
Uncled1023 a ajouté l'étiquette
Bug
il y a 10 mois
Uncled1023 a commenté il y a 10 mois
Propriétaire

So looks to be because the JS isn’t passing the auth correctly. Will need to figure out what to do about that

So looks to be because the JS isn't passing the auth correctly. Will need to figure out what to do about that
Uncled1023 a commenté il y a 10 mois
Propriétaire

@dmz this should be fixed now.

@dmz this should be fixed now.
dmz a commenté il y a 10 mois
Publier

No, I’m afraid it’s still the same…

[Error] Unrecognized Content-Security-Policy directive 'worker-src'.

[Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (ServiceData, line 0)
[Error] Error: Syntax error, unrecognized expression: #uploads [id="8gaTQ.png"
	error (common.min.js:1:12920)
	select (common.min.js:1:21689)
	find (common.min.js:1:24250)
	init (common.min.js:1:24739)
	x (common.min.js:1:898)
	(anonymous function) (user.serviceData.min.js:1:914)
	dispatch (common.min.js:1:41533)
[Error] Error: Syntax error, unrecognized expression: #uploads [id="ChHZ5.pdf"
	error (common.min.js:1:12920)
	select (common.min.js:1:21689)
	find (common.min.js:1:24250)
	init (common.min.js:1:24739)
	x (common.min.js:1:898)
	(anonymous function) (user.serviceData.min.js:1:914)
	dispatch (common.min.js:1:41533)
No, I'm afraid it's still the same... ``` [Error] Unrecognized Content-Security-Policy directive 'worker-src'. [Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (ServiceData, line 0) [Error] Error: Syntax error, unrecognized expression: #uploads [id="8gaTQ.png" error (common.min.js:1:12920) select (common.min.js:1:21689) find (common.min.js:1:24250) init (common.min.js:1:24739) x (common.min.js:1:898) (anonymous function) (user.serviceData.min.js:1:914) dispatch (common.min.js:1:41533) [Error] Error: Syntax error, unrecognized expression: #uploads [id="ChHZ5.pdf" error (common.min.js:1:12920) select (common.min.js:1:21689) find (common.min.js:1:24250) init (common.min.js:1:24739) x (common.min.js:1:898) (anonymous function) (user.serviceData.min.js:1:914) dispatch (common.min.js:1:41533) ```
Uncled1023 a commenté il y a 10 mois
Propriétaire

Hmm, I think it’s because Safari doesn’t recognize ‘worker-src’ and is therefore ignoring the nonce/etc.

I’ll have to find a way to test this, as I don’t have safari myself.

Hmm, I think it's because Safari doesn't recognize 'worker-src' and is therefore ignoring the nonce/etc. I'll have to find a way to test this, as I don't have safari myself.
dmz a commenté il y a 10 mois
Publier

I just found the Mozilla page for CSP: worker-src and it says there’s no support for Safari so this is indeed a browser related issue.

I just found the Mozilla page for [CSP: worker-src](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src) and it says there's [no support for Safari](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src#Browser_compatibility) so this is indeed a browser related issue.
dmz a changé le titre de Can't delete uploads en Can't delete uploads on Safari il y a 10 mois
dmz a commenté il y a 10 mois
Publier

Maybe I should close this one, since the obvious solution is for Safari to catch up, no?

Maybe I should close this one, since the obvious solution is for Safari to catch up, no?
Uncled1023 a commenté il y a 10 mois
Propriétaire

Sadly I think that may be the case. I need the worker-src for the different background workers that come up across the site. Maybe one day I can make it not need that, but until then, this is inevitable.

Just curious, are you able to do client side file encryption in safari?

Sadly I think that may be the case. I need the worker-src for the different background workers that come up across the site. Maybe one day I can make it not need that, but until then, this is inevitable. Just curious, are you able to do client side file encryption in safari?
dmz a commenté il y a 10 mois
Publier

Just curious, are you able to do client side file encryption in safari?

That’s a good question since I never tried it before so, I just tried it on a small upload (png image or text file) and the progress bar gets stuck on 100% with the “Loading” message and just freezes there. The upload never finishes. Can’t cancel it on the (X) button, as well.

> Just curious, are you able to do client side file encryption in safari? That's a good question since I never tried it before so, I just tried it on a small upload (png image or text file) and the progress bar gets stuck on 100% with the "Loading" message and just freezes there. The upload never finishes. Can't cancel it on the (X) button, as well.
Uncled1023 a commenté il y a 10 mois
Propriétaire

Any errors in the console?

Any errors in the console?
dmz a commenté il y a 10 mois
Publier

Yeah, forgot to look. Here it is:

[Error] Unrecognized Content-Security-Policy directive 'worker-src'.

[Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (upload.teknik.io, line 0, x2)
[Error] Refused to load blob:https://upload.teknik.io/92bfca5d-8b70-49eb-961e-f76c2a40f3b4 because it appears in neither the child-src directive nor the default-src directive of the Content Security Policy.
[Error] SecurityError: The operation is insecure.
    (anonymous function) (upload.min.js:1:61637)
    (anonymous function) (upload.min.js:1:61637)
Yeah, forgot to look. Here it is: ``` [Error] Unrecognized Content-Security-Policy directive 'worker-src'. [Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (upload.teknik.io, line 0, x2) [Error] Refused to load blob:https://upload.teknik.io/92bfca5d-8b70-49eb-961e-f76c2a40f3b4 because it appears in neither the child-src directive nor the default-src directive of the Content Security Policy. [Error] SecurityError: The operation is insecure. (anonymous function) (upload.min.js:1:61637) (anonymous function) (upload.min.js:1:61637) ```
Uncled1023 a commenté il y a 10 mois
Propriétaire

Yea, so the old way is to use child-src, but now it’s worker-src. Sadly, while you can use child-src, chrome doesn’t listen to it anymore. And if I include worker-src, I think it just breaks the entire policy in safari.

Yea, so the old way is to use child-src, but now it's worker-src. Sadly, while you can use child-src, chrome doesn't listen to it anymore. And if I include worker-src, I think it just breaks the entire policy in safari.
dmz a commenté il y a 10 mois
Publier

The eternal battle of the browsers. It’s OK, I don’t use the upload feature much, I just like to report bugs as I find them because I just care about Teknik as a whole. Maybe in the future, it gets fixed by itself, when browsers stop being so stubborn.

Closing for now.

The eternal battle of the browsers. It's OK, I don't use the upload feature much, I just like to report bugs as I find them because I just care about Teknik as a whole. Maybe in the future, it gets fixed by itself, when browsers stop being so stubborn. Closing for now.
Connectez-vous pour rejoindre cette conversation.
Aucun jalon
Pas d'assignataires
2 participants
Échéance

Aucune échéance n'a été définie.

Dépendances

Ce ticket n'a actuellement pas de dépendance.

Chargement…
Annuler
Enregistrer
Il n'existe pas encore de contenu.