#105 Can't delete uploads on Safari

クローズ
dmz8ヶ月前に作成 · 13件のコメント
dmz8ヶ月前 にコメント

Can’t delete uploads (Safari 11.1.2, OS X El Capitan 10.11.6). When I click on the Delete button, nothing happens, just outputs an error to the console.

Can't delete uploads (Safari 11.1.2, OS X El Capitan 10.11.6). When I click on the `Delete` button, nothing happens, just outputs an error to the console.
Uncled10238ヶ月前 にコメント
オーナー

Interesting… It seems like Safari doesn’t like my CSP settings.

Interesting... It seems like Safari doesn't like my CSP settings.
Uncled1023 がラベル
Bug
を追加 8ヶ月前
Uncled10238ヶ月前 にコメント
オーナー

So looks to be because the JS isn’t passing the auth correctly. Will need to figure out what to do about that

So looks to be because the JS isn't passing the auth correctly. Will need to figure out what to do about that
Uncled10238ヶ月前 にコメント
オーナー

@dmz this should be fixed now.

@dmz this should be fixed now.
dmz8ヶ月前 にコメント
投稿者

No, I’m afraid it’s still the same…

[Error] Unrecognized Content-Security-Policy directive 'worker-src'.

[Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (ServiceData, line 0)
[Error] Error: Syntax error, unrecognized expression: #uploads [id="8gaTQ.png"
	error (common.min.js:1:12920)
	select (common.min.js:1:21689)
	find (common.min.js:1:24250)
	init (common.min.js:1:24739)
	x (common.min.js:1:898)
	(anonymous function) (user.serviceData.min.js:1:914)
	dispatch (common.min.js:1:41533)
[Error] Error: Syntax error, unrecognized expression: #uploads [id="ChHZ5.pdf"
	error (common.min.js:1:12920)
	select (common.min.js:1:21689)
	find (common.min.js:1:24250)
	init (common.min.js:1:24739)
	x (common.min.js:1:898)
	(anonymous function) (user.serviceData.min.js:1:914)
	dispatch (common.min.js:1:41533)
No, I'm afraid it's still the same... ``` [Error] Unrecognized Content-Security-Policy directive 'worker-src'. [Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (ServiceData, line 0) [Error] Error: Syntax error, unrecognized expression: #uploads [id="8gaTQ.png" error (common.min.js:1:12920) select (common.min.js:1:21689) find (common.min.js:1:24250) init (common.min.js:1:24739) x (common.min.js:1:898) (anonymous function) (user.serviceData.min.js:1:914) dispatch (common.min.js:1:41533) [Error] Error: Syntax error, unrecognized expression: #uploads [id="ChHZ5.pdf" error (common.min.js:1:12920) select (common.min.js:1:21689) find (common.min.js:1:24250) init (common.min.js:1:24739) x (common.min.js:1:898) (anonymous function) (user.serviceData.min.js:1:914) dispatch (common.min.js:1:41533) ```
Uncled10238ヶ月前 にコメント
オーナー

Hmm, I think it’s because Safari doesn’t recognize ‘worker-src’ and is therefore ignoring the nonce/etc.

I’ll have to find a way to test this, as I don’t have safari myself.

Hmm, I think it's because Safari doesn't recognize 'worker-src' and is therefore ignoring the nonce/etc. I'll have to find a way to test this, as I don't have safari myself.
dmz8ヶ月前 にコメント
投稿者

I just found the Mozilla page for CSP: worker-src and it says there’s no support for Safari so this is indeed a browser related issue.

I just found the Mozilla page for [CSP: worker-src](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src) and it says there's [no support for Safari](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src#Browser_compatibility) so this is indeed a browser related issue.
dmz がタイトルを Can't delete uploads から Can't delete uploads on Safari に変更 8ヶ月前
dmz8ヶ月前 にコメント
投稿者

Maybe I should close this one, since the obvious solution is for Safari to catch up, no?

Maybe I should close this one, since the obvious solution is for Safari to catch up, no?
Uncled10238ヶ月前 にコメント
オーナー

Sadly I think that may be the case. I need the worker-src for the different background workers that come up across the site. Maybe one day I can make it not need that, but until then, this is inevitable.

Just curious, are you able to do client side file encryption in safari?

Sadly I think that may be the case. I need the worker-src for the different background workers that come up across the site. Maybe one day I can make it not need that, but until then, this is inevitable. Just curious, are you able to do client side file encryption in safari?
dmz8ヶ月前 にコメント
投稿者

Just curious, are you able to do client side file encryption in safari?

That’s a good question since I never tried it before so, I just tried it on a small upload (png image or text file) and the progress bar gets stuck on 100% with the “Loading” message and just freezes there. The upload never finishes. Can’t cancel it on the (X) button, as well.

> Just curious, are you able to do client side file encryption in safari? That's a good question since I never tried it before so, I just tried it on a small upload (png image or text file) and the progress bar gets stuck on 100% with the "Loading" message and just freezes there. The upload never finishes. Can't cancel it on the (X) button, as well.
Uncled10238ヶ月前 にコメント
オーナー

Any errors in the console?

Any errors in the console?
dmz8ヶ月前 にコメント
投稿者

Yeah, forgot to look. Here it is:

[Error] Unrecognized Content-Security-Policy directive 'worker-src'.

[Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (upload.teknik.io, line 0, x2)
[Error] Refused to load blob:https://upload.teknik.io/92bfca5d-8b70-49eb-961e-f76c2a40f3b4 because it appears in neither the child-src directive nor the default-src directive of the Content Security Policy.
[Error] SecurityError: The operation is insecure.
    (anonymous function) (upload.min.js:1:61637)
    (anonymous function) (upload.min.js:1:61637)
Yeah, forgot to look. Here it is: ``` [Error] Unrecognized Content-Security-Policy directive 'worker-src'. [Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (upload.teknik.io, line 0, x2) [Error] Refused to load blob:https://upload.teknik.io/92bfca5d-8b70-49eb-961e-f76c2a40f3b4 because it appears in neither the child-src directive nor the default-src directive of the Content Security Policy. [Error] SecurityError: The operation is insecure. (anonymous function) (upload.min.js:1:61637) (anonymous function) (upload.min.js:1:61637) ```
Uncled10238ヶ月前 にコメント
オーナー

Yea, so the old way is to use child-src, but now it’s worker-src. Sadly, while you can use child-src, chrome doesn’t listen to it anymore. And if I include worker-src, I think it just breaks the entire policy in safari.

Yea, so the old way is to use child-src, but now it's worker-src. Sadly, while you can use child-src, chrome doesn't listen to it anymore. And if I include worker-src, I think it just breaks the entire policy in safari.
dmz8ヶ月前 にコメント
投稿者

The eternal battle of the browsers. It’s OK, I don’t use the upload feature much, I just like to report bugs as I find them because I just care about Teknik as a whole. Maybe in the future, it gets fixed by itself, when browsers stop being so stubborn.

Closing for now.

The eternal battle of the browsers. It's OK, I don't use the upload feature much, I just like to report bugs as I find them because I just care about Teknik as a whole. Maybe in the future, it gets fixed by itself, when browsers stop being so stubborn. Closing for now.
dmz がクローズ 8ヶ月前
サインインしてこの会話に参加。
マイルストーンなし
担当者なし
2 人の参加者
期日

期日は未設定です。

依存関係

この課題に依存関係はありません。

読み込み中…
キャンセル
保存
まだ内容がありません