[OSM-talk] software requirements for OSM Editor: Firefox

Tom Hughes tom at compton.nu
Fri Oct 6 12:24:07 UTC 2023 

On 06/10/2023 12:53, Martin Trautmann wrote:
> On 23-10-06 13:41, Tom Hughes wrote:
>> On 06/10/2023 12:12, Martin Trautmann wrote:
>>> On 23-10-06 12:55, Tom Hughes via talk wrote:
>>>> No it was released in June 2020. October 2021 was the last
>>>> security patches.
>>>>
>>>> To answer the original question there have been any deliberate
>>>> changes that I know but given the error it's entirely possible
>>>> that FF has fixed something in what CSP rules it checks for what
>>>> requests.
>>>
>>> I doubt that since FF did not see any changes here for some time,
>>> unfortunately. So it appears to be from an OSM editor's change.
>>
>> I think you misunderstood what I was saying.
>>
>> My hypothesis is that something in iD has started using a data URL
>> where it didn't before and that is triggering a latent bug in your
>> version of firefox (in that it is checking that URL against the
>> media-src rule in our security policy) while newer versions of
>> firefox are checking it against some other rule.
> 
> Thanks - that does clarify the issue. But as you say, "something in iD
> has started" - so it's a change within OSM's editor, which does break
> old systems.
> 
> Maybe it's a reasonable and necessary change for ID - but maybe it isn't!
> 
> 
>> Without knowing more about which load is being blocked it's not
>> really possible to say more and I might be totally wrong as I'm
>> just guessing from the limited information available.
> 
> 
> I agree - but I don't know where else to report this malfunction. It's
> obvious that one part of this bug is an outdated FF version. But that
> does not mean that those have to be excluded.

Nobody is deliberately excluding you but equally nobody is going
to spend hours trying to make it work either.

Maybe it would be easy to avoid and maybe it wouldn't but until
we know what the actual problem is we can't tell and none of the
developers are likely to have such an old browser to reproduce
it even if they wanted to so unless you can provide more details
somehow it's not clear what can be done.

We don't even know the CSP error in the console is the root
cause of your main problems - it might be incidental as a media
load failing doesn't normally cause total page failure.

Tom

-- 
Tom Hughes (tom at compton.nu)
http://compton.nu/

More information about the talk mailing list