#105 Can't delete uploads on Safari

Slēgta
dmz atvēra pirms 8 mēnešiem · 13 komentāri
dmz komentēja pirms 8 mēnešiem

Can’t delete uploads (Safari 11.1.2, OS X El Capitan 10.11.6). When I click on the Delete button, nothing happens, just outputs an error to the console.

Can't delete uploads (Safari 11.1.2, OS X El Capitan 10.11.6). When I click on the `Delete` button, nothing happens, just outputs an error to the console.
Uncled1023 komentēja pirms 8 mēnešiem
Īpašnieks

Interesting… It seems like Safari doesn’t like my CSP settings.

Interesting... It seems like Safari doesn't like my CSP settings.
Uncled1023 pievienoja etiķeti
Bug
pirms 8 mēnešiem
Uncled1023 komentēja pirms 8 mēnešiem
Īpašnieks

So looks to be because the JS isn’t passing the auth correctly. Will need to figure out what to do about that

So looks to be because the JS isn't passing the auth correctly. Will need to figure out what to do about that
Uncled1023 komentēja pirms 8 mēnešiem
Īpašnieks

@dmz this should be fixed now.

@dmz this should be fixed now.
dmz komentēja pirms 8 mēnešiem
Autors

No, I’m afraid it’s still the same…

[Error] Unrecognized Content-Security-Policy directive 'worker-src'.

[Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (ServiceData, line 0)
[Error] Error: Syntax error, unrecognized expression: #uploads [id="8gaTQ.png"
	error (common.min.js:1:12920)
	select (common.min.js:1:21689)
	find (common.min.js:1:24250)
	init (common.min.js:1:24739)
	x (common.min.js:1:898)
	(anonymous function) (user.serviceData.min.js:1:914)
	dispatch (common.min.js:1:41533)
[Error] Error: Syntax error, unrecognized expression: #uploads [id="ChHZ5.pdf"
	error (common.min.js:1:12920)
	select (common.min.js:1:21689)
	find (common.min.js:1:24250)
	init (common.min.js:1:24739)
	x (common.min.js:1:898)
	(anonymous function) (user.serviceData.min.js:1:914)
	dispatch (common.min.js:1:41533)
No, I'm afraid it's still the same... ``` [Error] Unrecognized Content-Security-Policy directive 'worker-src'. [Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (ServiceData, line 0) [Error] Error: Syntax error, unrecognized expression: #uploads [id="8gaTQ.png" error (common.min.js:1:12920) select (common.min.js:1:21689) find (common.min.js:1:24250) init (common.min.js:1:24739) x (common.min.js:1:898) (anonymous function) (user.serviceData.min.js:1:914) dispatch (common.min.js:1:41533) [Error] Error: Syntax error, unrecognized expression: #uploads [id="ChHZ5.pdf" error (common.min.js:1:12920) select (common.min.js:1:21689) find (common.min.js:1:24250) init (common.min.js:1:24739) x (common.min.js:1:898) (anonymous function) (user.serviceData.min.js:1:914) dispatch (common.min.js:1:41533) ```
Uncled1023 komentēja pirms 8 mēnešiem
Īpašnieks

Hmm, I think it’s because Safari doesn’t recognize ‘worker-src’ and is therefore ignoring the nonce/etc.

I’ll have to find a way to test this, as I don’t have safari myself.

Hmm, I think it's because Safari doesn't recognize 'worker-src' and is therefore ignoring the nonce/etc. I'll have to find a way to test this, as I don't have safari myself.
dmz komentēja pirms 8 mēnešiem
Autors

I just found the Mozilla page for CSP: worker-src and it says there’s no support for Safari so this is indeed a browser related issue.

I just found the Mozilla page for [CSP: worker-src](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src) and it says there's [no support for Safari](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src#Browser_compatibility) so this is indeed a browser related issue.
dmz nomainīts virsraksts no Can't delete uploads uz Can't delete uploads on Safari pirms 8 mēnešiem
dmz komentēja pirms 8 mēnešiem
Autors

Maybe I should close this one, since the obvious solution is for Safari to catch up, no?

Maybe I should close this one, since the obvious solution is for Safari to catch up, no?
Uncled1023 komentēja pirms 8 mēnešiem
Īpašnieks

Sadly I think that may be the case. I need the worker-src for the different background workers that come up across the site. Maybe one day I can make it not need that, but until then, this is inevitable.

Just curious, are you able to do client side file encryption in safari?

Sadly I think that may be the case. I need the worker-src for the different background workers that come up across the site. Maybe one day I can make it not need that, but until then, this is inevitable. Just curious, are you able to do client side file encryption in safari?
dmz komentēja pirms 8 mēnešiem
Autors

Just curious, are you able to do client side file encryption in safari?

That’s a good question since I never tried it before so, I just tried it on a small upload (png image or text file) and the progress bar gets stuck on 100% with the “Loading” message and just freezes there. The upload never finishes. Can’t cancel it on the (X) button, as well.

> Just curious, are you able to do client side file encryption in safari? That's a good question since I never tried it before so, I just tried it on a small upload (png image or text file) and the progress bar gets stuck on 100% with the "Loading" message and just freezes there. The upload never finishes. Can't cancel it on the (X) button, as well.
Uncled1023 komentēja pirms 8 mēnešiem
Īpašnieks

Any errors in the console?

Any errors in the console?
dmz komentēja pirms 8 mēnešiem
Autors

Yeah, forgot to look. Here it is:

[Error] Unrecognized Content-Security-Policy directive 'worker-src'.

[Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (upload.teknik.io, line 0, x2)
[Error] Refused to load blob:https://upload.teknik.io/92bfca5d-8b70-49eb-961e-f76c2a40f3b4 because it appears in neither the child-src directive nor the default-src directive of the Content Security Policy.
[Error] SecurityError: The operation is insecure.
    (anonymous function) (upload.min.js:1:61637)
    (anonymous function) (upload.min.js:1:61637)
Yeah, forgot to look. Here it is: ``` [Error] Unrecognized Content-Security-Policy directive 'worker-src'. [Error] Refused to execute a script because its hash, its nonce, or 'unsafe-inline' does not appear in the script-src directive of the Content Security Policy. (upload.teknik.io, line 0, x2) [Error] Refused to load blob:https://upload.teknik.io/92bfca5d-8b70-49eb-961e-f76c2a40f3b4 because it appears in neither the child-src directive nor the default-src directive of the Content Security Policy. [Error] SecurityError: The operation is insecure. (anonymous function) (upload.min.js:1:61637) (anonymous function) (upload.min.js:1:61637) ```
Uncled1023 komentēja pirms 8 mēnešiem
Īpašnieks

Yea, so the old way is to use child-src, but now it’s worker-src. Sadly, while you can use child-src, chrome doesn’t listen to it anymore. And if I include worker-src, I think it just breaks the entire policy in safari.

Yea, so the old way is to use child-src, but now it's worker-src. Sadly, while you can use child-src, chrome doesn't listen to it anymore. And if I include worker-src, I think it just breaks the entire policy in safari.
dmz komentēja pirms 8 mēnešiem
Autors

The eternal battle of the browsers. It’s OK, I don’t use the upload feature much, I just like to report bugs as I find them because I just care about Teknik as a whole. Maybe in the future, it gets fixed by itself, when browsers stop being so stubborn.

Closing for now.

The eternal battle of the browsers. It's OK, I don't use the upload feature much, I just like to report bugs as I find them because I just care about Teknik as a whole. Maybe in the future, it gets fixed by itself, when browsers stop being so stubborn. Closing for now.
Pierakstieties, lai pievienotos šai sarunai.
Nav atskaites punktu
Nav atbildīgo
2 dalībnieki
Izpildes termiņš

Izpildes termiņš nav uzstādīts.

Atkarības

Šai problēmai pagaidām nav nevienas atkarības.

Notiek ielāde…
Atcelt
Saglabāt
Vēl nav satura.