[OSM-talk] software requirements for OSM Editor: Firefox

[Martin Trautmann]

On 23-10-06 13:41, Tom Hughes wrote:
> On 06/10/2023 12:12, Martin Trautmann wrote:
>> On 23-10-06 12:55, Tom Hughes via talk wrote:
>>> No it was released in June 2020. October 2021 was the last
>>> security patches.
>>>
>>> To answer the original question there have been any deliberate
>>> changes that I know but given the error it's entirely possible
>>> that FF has fixed something in what CSP rules it checks for what
>>> requests.
>>
>> I doubt that since FF did not see any changes here for some time,
>> unfortunately. So it appears to be from an OSM editor's change.
>
> I think you misunderstood what I was saying.
>
> My hypothesis is that something in iD has started using a data URL
> where it didn't before and that is triggering a latent bug in your
> version of firefox (in that it is checking that URL against the
> media-src rule in our security policy) while newer versions of
> firefox are checking it against some other rule.

Thanks - that does clarify the issue. But as you say, "something in iD
has started" - so it's a change within OSM's editor, which does break
old systems.

Maybe it's a reasonable and necessary change for ID - but maybe it isn't!


> Without knowing more about which load is being blocked it's not
> really possible to say more and I might be totally wrong as I'm
> just guessing from the limited information available.


I agree - but I don't know where else to report this malfunction. It's
obvious that one part of this bug is an outdated FF version. But that
does not mean that those have to be excluded.