Blocked by Content Security Policy

Users and developers helping users with generic and technical Pale Moon issues on all operating systems.

Moderator: trava90

Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
bobiboba

Blocked by Content Security Policy

Unread post by bobiboba » 2021-04-19, 13:34

Tried playing some old shockwave games I used to play as a child but it tells me:

Blocked by Content Security Policy

This page has a content security policy that prevents it from being embedded in this way.

Pale Moon prevented this page from loading in this way because the page has a content security policy that disallows it.

What should I do? Thanks.

josephd
Fanatic
Fanatic
Posts: 134
Joined: 2014-09-09, 12:15
Location: Tennessee

Re: Blocked by Content Security Policy

Unread post by josephd » 2021-04-19, 14:35

bobiboba wrote:
2021-04-19, 13:34
What should I do?
Providing a link to problem page would help.

bobiboba

Re: Blocked by Content Security Policy

Unread post by bobiboba » 2021-04-19, 14:39

josephd wrote:
2021-04-19, 14:35
bobiboba wrote:
2021-04-19, 13:34
What should I do?
Providing a link to problem page would help.
Seems like it's game specific but here's a sample page http://www.bike-games.net/play/redline-rumble-3
(Another game affected by this is Metal Mayhem: World Tour)

New Tobin Paradigm

Re: Blocked by Content Security Policy

Unread post by New Tobin Paradigm » 2021-04-19, 14:48

So you are asking what do do when Pale Moon enforces security according to spec?

bobiboba

Re: Blocked by Content Security Policy

Unread post by bobiboba » 2021-04-19, 14:51

New Tobin Paradigm wrote:
2021-04-19, 14:48
So you are asking what do do when Pale Moon enforces security according to spec?
What? I don't want it enforcing security, how do I turn it off?

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Blocked by Content Security Policy

Unread post by Moonchild » 2021-04-19, 14:52

You'll have to tell the webmaster to stop enforcing a policy that breaks the games.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

bobiboba

Re: Blocked by Content Security Policy

Unread post by bobiboba » 2021-04-19, 14:58

Moonchild wrote:
2021-04-19, 14:52
You'll have to tell the webmaster to stop enforcing a policy that breaks the games.
Would like to, but
1. They won't listen
2. It's not website specific (according to my observations)

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Blocked by Content Security Policy

Unread post by Moonchild » 2021-04-19, 15:39

bobiboba wrote:
2021-04-19, 14:58
1. They won't listen
nothing we can do anything about
bobiboba wrote:
2021-04-19, 14:58
2. It's not website specific (according to my observations)
By definition, it is.
CSP policies are set by the web server in a web server header. If Pale Moon blocks content based on it, then it is doing what it has been told by the server to do.
The default CSP (as in: if not defined by the server) is to allow.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
Massacre
Moon lover
Moon lover
Posts: 84
Joined: 2020-05-01, 13:16
Contact:

Re: Blocked by Content Security Policy

Unread post by Massacre » 2021-04-28, 13:43

Does 'security.csp.enable' in about:config work for Pale Moon then?

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Blocked by Content Security Policy

Unread post by Moonchild » 2021-04-28, 13:55

Yes it does.
Disabling it will open you up to potential XSS attacks but it's your call.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Locked