Addons website doesn't work due to content blocking


(Himanshu Shekhar) #1

CSS and JS are getting blocked on add-ons website. As a result of this, only the HTML is rendered, and the site is not functional.
The same is for any other page on the same domain.

Below is the attached log from the browser console.

Content Security Policy: Directive ‘child-src’ has been deprecated. Please use directive ‘worker-src’ to control workers, or directive ‘frame-src’ to control frames respectively.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://addons-amo.cdn.mozilla.net/amo-48c2c76c80fc1853998af5863e1fda14.css. (Reason: CORS request did not succeed).[Learn More]
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://addons-amo.cdn.mozilla.net/amo-2e0246a2755697dd1c23.js. (Reason: CORS request did not succeed).[Learn More]
None of the “sha512” hashes in the integrity attribute match the content of the subresource.

Browser: Firefox Developer Edition 64.0b1 on Arch Linux (64 bit)

image


(jscher2000) #2

That first one is just a deprecation warning and doesn’t affect content.

On the second one, testing in Firefox 63.0, mine shows the CDN returns:

Access-Control-Allow-Origin: *

Since requests are allowed from everywhere, the request should not be blocked by a CORS issue.

Can you load the URL directly or is it blocked in some manner? https://addons-amo.cdn.mozilla.net/amo-48c2c76c80fc1853998af5863e1fda14.css

Some users have difficulty accessing sites with “cdn” in the host name for unexplained reasons.


(Caitlin Neiman) #3

This is known; we just updated the content script documentation on MDN to make it clearer that certain domains block content script.


(Himanshu Shekhar) #4

Yeah, it works now. The addons website is also working fine.
I still wonder why that was the issue. Was it my college campus proxy blocking content, or problem with website, or with Firefox itself?