#105 Can't delete uploads on Safari

닫힘
dmz10 달 전을 오픈 · 13개의 코멘트
dmz 코멘트됨, 10 달 전

Can’t delete uploads (Safari 11.1.2, OS X El Capitan 10.11.6). When I click on the Delete button, nothing happens, just outputs an error to the console.

Can't delete uploads (Safari 11.1.2, OS X El Capitan 10.11.6). When I click on the `Delete` button, nothing happens, just outputs an error to the console.
Uncled1023 코멘트됨, 10 달 전
소유자

Interesting… It seems like Safari doesn’t like my CSP settings.

Interesting... It seems like Safari doesn't like my CSP settings.
Uncled1023 added the
Bug
label 10 달 전
Uncled1023 코멘트됨, 10 달 전
소유자

So looks to be because the JS isn’t passing the auth correctly. Will need to figure out what to do about that

So looks to be because the JS isn't passing the auth correctly. Will need to figure out what to do about that
Uncled1023 코멘트됨, 10 달 전
소유자

@dmz this should be fixed now.

@dmz this should be fixed now.
dmz 코멘트됨, 10 달 전
포스터

No, I’m afraid it’s still the same…

[Error] Unrecognized Content-Security-Policy directive 'worker-src'.

[Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (ServiceData, line 0)
[Error] Error: Syntax error, unrecognized expression: #uploads [id="8gaTQ.png"
	error (common.min.js:1:12920)
	select (common.min.js:1:21689)
	find (common.min.js:1:24250)
	init (common.min.js:1:24739)
	x (common.min.js:1:898)
	(anonymous function) (user.serviceData.min.js:1:914)
	dispatch (common.min.js:1:41533)
[Error] Error: Syntax error, unrecognized expression: #uploads [id="ChHZ5.pdf"
	error (common.min.js:1:12920)
	select (common.min.js:1:21689)
	find (common.min.js:1:24250)
	init (common.min.js:1:24739)
	x (common.min.js:1:898)
	(anonymous function) (user.serviceData.min.js:1:914)
	dispatch (common.min.js:1:41533)
No, I'm afraid it's still the same... ``` [Error] Unrecognized Content-Security-Policy directive 'worker-src'. [Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (ServiceData, line 0) [Error] Error: Syntax error, unrecognized expression: #uploads [id="8gaTQ.png" error (common.min.js:1:12920) select (common.min.js:1:21689) find (common.min.js:1:24250) init (common.min.js:1:24739) x (common.min.js:1:898) (anonymous function) (user.serviceData.min.js:1:914) dispatch (common.min.js:1:41533) [Error] Error: Syntax error, unrecognized expression: #uploads [id="ChHZ5.pdf" error (common.min.js:1:12920) select (common.min.js:1:21689) find (common.min.js:1:24250) init (common.min.js:1:24739) x (common.min.js:1:898) (anonymous function) (user.serviceData.min.js:1:914) dispatch (common.min.js:1:41533) ```
Uncled1023 코멘트됨, 10 달 전
소유자

Hmm, I think it’s because Safari doesn’t recognize ‘worker-src’ and is therefore ignoring the nonce/etc.

I’ll have to find a way to test this, as I don’t have safari myself.

Hmm, I think it's because Safari doesn't recognize 'worker-src' and is therefore ignoring the nonce/etc. I'll have to find a way to test this, as I don't have safari myself.
dmz 코멘트됨, 10 달 전
포스터

I just found the Mozilla page for CSP: worker-src and it says there’s no support for Safari so this is indeed a browser related issue.

I just found the Mozilla page for [CSP: worker-src](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src) and it says there's [no support for Safari](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src#Browser_compatibility) so this is indeed a browser related issue.
dmz changed title from Can't delete uploads to Can't delete uploads on Safari 10 달 전
dmz 코멘트됨, 10 달 전
포스터

Maybe I should close this one, since the obvious solution is for Safari to catch up, no?

Maybe I should close this one, since the obvious solution is for Safari to catch up, no?
Uncled1023 코멘트됨, 10 달 전
소유자

Sadly I think that may be the case. I need the worker-src for the different background workers that come up across the site. Maybe one day I can make it not need that, but until then, this is inevitable.

Just curious, are you able to do client side file encryption in safari?

Sadly I think that may be the case. I need the worker-src for the different background workers that come up across the site. Maybe one day I can make it not need that, but until then, this is inevitable. Just curious, are you able to do client side file encryption in safari?
dmz 코멘트됨, 10 달 전
포스터

Just curious, are you able to do client side file encryption in safari?

That’s a good question since I never tried it before so, I just tried it on a small upload (png image or text file) and the progress bar gets stuck on 100% with the “Loading” message and just freezes there. The upload never finishes. Can’t cancel it on the (X) button, as well.

> Just curious, are you able to do client side file encryption in safari? That's a good question since I never tried it before so, I just tried it on a small upload (png image or text file) and the progress bar gets stuck on 100% with the "Loading" message and just freezes there. The upload never finishes. Can't cancel it on the (X) button, as well.
Uncled1023 코멘트됨, 10 달 전
소유자

Any errors in the console?

Any errors in the console?
dmz 코멘트됨, 10 달 전
포스터

Yeah, forgot to look. Here it is:

[Error] Unrecognized Content-Security-Policy directive 'worker-src'.

[Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (upload.teknik.io, line 0, x2)
[Error] Refused to load blob:https://upload.teknik.io/92bfca5d-8b70-49eb-961e-f76c2a40f3b4 because it appears in neither the child-src directive nor the default-src directive of the Content Security Policy.
[Error] SecurityError: The operation is insecure.
    (anonymous function) (upload.min.js:1:61637)
    (anonymous function) (upload.min.js:1:61637)
Yeah, forgot to look. Here it is: ``` [Error] Unrecognized Content-Security-Policy directive 'worker-src'. [Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (upload.teknik.io, line 0, x2) [Error] Refused to load blob:https://upload.teknik.io/92bfca5d-8b70-49eb-961e-f76c2a40f3b4 because it appears in neither the child-src directive nor the default-src directive of the Content Security Policy. [Error] SecurityError: The operation is insecure. (anonymous function) (upload.min.js:1:61637) (anonymous function) (upload.min.js:1:61637) ```
Uncled1023 코멘트됨, 10 달 전
소유자

Yea, so the old way is to use child-src, but now it’s worker-src. Sadly, while you can use child-src, chrome doesn’t listen to it anymore. And if I include worker-src, I think it just breaks the entire policy in safari.

Yea, so the old way is to use child-src, but now it's worker-src. Sadly, while you can use child-src, chrome doesn't listen to it anymore. And if I include worker-src, I think it just breaks the entire policy in safari.
dmz 코멘트됨, 10 달 전
포스터

The eternal battle of the browsers. It’s OK, I don’t use the upload feature much, I just like to report bugs as I find them because I just care about Teknik as a whole. Maybe in the future, it gets fixed by itself, when browsers stop being so stubborn.

Closing for now.

The eternal battle of the browsers. It's OK, I don't use the upload feature much, I just like to report bugs as I find them because I just care about Teknik as a whole. Maybe in the future, it gets fixed by itself, when browsers stop being so stubborn. Closing for now.
dmz 10 달 전가 Close
로그인하여 이 대화에 참여
마일스톤 없음
No Assignees
참여자 2명
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
취소
저장
아직 콘텐츠가 없습니다.