Downtime notice: Forum planned extended maintenance this Friday May 7th. No set time or duration; just somewhere that day for however long it takes to complete.

Blocked by Content Security Policy

Users and developers helping users with generic and technical Pale Moon issues on all operating systems.
Please direct questions that are Mac or Linux-specific (dealing with installation and OS integration) to the appropriate Linux or Mac board.

Moderator: trava90

Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only. The main focus here is on Pale Moon on Windows. Please direct your questions that are specific for Linux and Mac to the dedicated boards for those operating systems.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
Post Reply
User avatar
bobiboba
Newbie
Newbie
Posts: 4
Joined: 2021-04-19, 13:24

Blocked by Content Security Policy

Post by bobiboba » 2021-04-19, 13:34

Tried playing some old shockwave games I used to play as a child but it tells me:

Blocked by Content Security Policy

This page has a content security policy that prevents it from being embedded in this way.

Pale Moon prevented this page from loading in this way because the page has a content security policy that disallows it.

What should I do? Thanks.

josephd
Fanatic
Fanatic
Posts: 115
Joined: 2014-09-09, 12:15
Location: Tennessee

Re: Blocked by Content Security Policy

Post by josephd » 2021-04-19, 14:35

bobiboba wrote:
2021-04-19, 13:34
What should I do?
Providing a link to problem page would help.

User avatar
bobiboba
Newbie
Newbie
Posts: 4
Joined: 2021-04-19, 13:24

Re: Blocked by Content Security Policy

Post by bobiboba » 2021-04-19, 14:39

josephd wrote:
2021-04-19, 14:35
bobiboba wrote:
2021-04-19, 13:34
What should I do?
Providing a link to problem page would help.
Seems like it's game specific but here's a sample page http://www.bike-games.net/play/redline-rumble-3
(Another game affected by this is Metal Mayhem: World Tour)

User avatar
New Tobin Paradigm
Knows the dark side
Knows the dark side
Posts: 9651
Joined: 2012-10-09, 19:37
Location: Seriphia Galaxy

Re: Blocked by Content Security Policy

Post by New Tobin Paradigm » 2021-04-19, 14:48

So you are asking what do do when Pale Moon enforces security according to spec?
Big concerns grow from small concerns. You plant them, water them with tears, fertilize them with unconcern. If you ignore them, they grow.
I have ignored this problem long enough.

Image

User avatar
bobiboba
Newbie
Newbie
Posts: 4
Joined: 2021-04-19, 13:24

Re: Blocked by Content Security Policy

Post by bobiboba » 2021-04-19, 14:51

New Tobin Paradigm wrote:
2021-04-19, 14:48
So you are asking what do do when Pale Moon enforces security according to spec?
What? I don't want it enforcing security, how do I turn it off?

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 29918
Joined: 2011-08-28, 17:27
Location: Tranås, SE
Contact:

Re: Blocked by Content Security Policy

Post by Moonchild » 2021-04-19, 14:52

You'll have to tell the webmaster to stop enforcing a policy that breaks the games.
"Son, in life you do not fight battles because you expect to win, you fight them merely because they need to be fought." -- Snagglepuss
Image

User avatar
bobiboba
Newbie
Newbie
Posts: 4
Joined: 2021-04-19, 13:24

Re: Blocked by Content Security Policy

Post by bobiboba » 2021-04-19, 14:58

Moonchild wrote:
2021-04-19, 14:52
You'll have to tell the webmaster to stop enforcing a policy that breaks the games.
Would like to, but
1. They won't listen
2. It's not website specific (according to my observations)

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 29918
Joined: 2011-08-28, 17:27
Location: Tranås, SE
Contact:

Re: Blocked by Content Security Policy

Post by Moonchild » 2021-04-19, 15:39

bobiboba wrote:
2021-04-19, 14:58
1. They won't listen
nothing we can do anything about
bobiboba wrote:
2021-04-19, 14:58
2. It's not website specific (according to my observations)
By definition, it is.
CSP policies are set by the web server in a web server header. If Pale Moon blocks content based on it, then it is doing what it has been told by the server to do.
The default CSP (as in: if not defined by the server) is to allow.
"Son, in life you do not fight battles because you expect to win, you fight them merely because they need to be fought." -- Snagglepuss
Image

User avatar
Massacre
Hobby Astronomer
Hobby Astronomer
Posts: 27
Joined: 2020-05-01, 13:16
Contact:

Re: Blocked by Content Security Policy

Post by Massacre » 2021-04-28, 13:43

Does 'security.csp.enable' in about:config work for Pale Moon then?

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 29918
Joined: 2011-08-28, 17:27
Location: Tranås, SE
Contact:

Re: Blocked by Content Security Policy

Post by Moonchild » 2021-04-28, 13:55

Yes it does.
Disabling it will open you up to potential XSS attacks but it's your call.
"Son, in life you do not fight battles because you expect to win, you fight them merely because they need to be fought." -- Snagglepuss
Image

Post Reply