hacxx
June 10, 2021, 10:22am
1
Troubleshooting technical issues is much easier when both the user and support agent practice clear communication. For this reason, we have provided the template below for you to fill out with information about your issue. Please provide as much detail as possible so we can most efficiently resolve your problem.
Delete the any text above the line separator below before posting
Description of the issue:
**How can this issue be reproduced? **
Expected result:
Brave Version( check About Brave):
yeah, we’re working on a fix. Apologies
opened 11:21AM - 05 Jun 21 UTC
closed 03:19AM - 10 Jun 21 UTC
OS/Desktop
regression
## Description
As mentioned in the title, csp (content security policy) breaks… some sites when they are launched from an existing page.
I use a simple page as my new tab and launch the 20+ sites I mostly visit from there. Right now, facebook and cockpit (local page, web console for linux servers) are affected. The error output in brave's console (f12 > console) always looks similar to this
`Refused to execute inline script because it violates the following Content Security Policy directive: "script-src *". Either the 'unsafe-inline' keyword, a hash ('sha256-random numbers and letters'), or a nonce ('nonce-...') is required to enable inline execution.`
This can also be considered a followup of #13929
## Steps to Reproduce
1. Create a simple web page locally, e.g.
```
<html>
<head>
<title>a simple page</title>
</head>
<body>
<a href="https://www.facebook.com/">Facebook</a>
<a href="https://192.168.1.5:9090">Cockpit</a>
</body>
</html>
```
2. Open it in brave.
3. Click on any of the 2 links mentioned.
4. Notice that the pages appear broken.
5. The errors appear in the console (f12 > console)
## Actual result:
Facebook's page appears completely blank. Cockpit's appears like so
## Expected result:
I assume everyone knows how facebook's main page looks. Cockpit's should appear like so, prompting the user for credentials.
## Reproduces how often:
Easily.
## Brave version (brave://version info)
Brave 1.25.68 Chromium: 91.0.4472.77 (Official Build) (64-bit)
Revision 1cecd5c8a856bc2a5adda436e7b84d8d21b339b6-refs/branch-heads/4472@{# 1246}
OS Linux
## Version/Channel Information:
- Can you reproduce this issue with the current release? Yes
- Can you reproduce this issue with the beta channel? Probably
- Can you reproduce this issue with the nightly channel? Probably
## Other Additional Information:
- Does the issue resolve itself when disabling Brave Shields? No
- Does the issue resolve itself when disabling Brave Rewards? No
- Is the issue reproducible on the latest version of Chrome? No. Tested on chrome unstable, v93.0.4530.5 as of today.
## Miscellaneous Information:
In order for facebook to appear blank, the user must be already logged in in facebook. If not, it shows the usual facebook login page but the same errors on the console.
Moreover, if the forementioned link leads to any of facebook's subpages, e.g.
```
facebook.com/messages
facebook.com/bravesoftware
```
the page appears blank as well and the same errors appear on the console.
Last but not least, if instead of pressing the link, the user types the url in the address bar, each page opens with no issues and no errors in the console.
1 Like
system
July 10, 2021, 12:15pm
3
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.