Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/pkgsite: multiple console warnings/errors on Firefox #40050

Closed
mvdan opened this issue Jul 5, 2020 · 2 comments
Closed

x/pkgsite: multiple console warnings/errors on Firefox #40050

mvdan opened this issue Jul 5, 2020 · 2 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. pkgsite/frontend Issues related to pkgsite HTML/CSS/JavaScript and frontend development pkgsite

Comments

@mvdan
Copy link
Member

mvdan commented Jul 5, 2020

For example, on https://pkg.go.dev/mod/mvdan.cc/sh/v3@v3.1.2 with Firefox 78.0.1 on Linux, on my usual profile:

Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). contentscript.js:1:388681
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). 2 utils.js:35:9
Source map error: Error: NetworkError when attempting to fetch resource.
Resource URL: moz-extension://06bdf040-73e4-4e90-9c8a-e23635c79580/contentscript.js
Source Map URL: ../sourcemaps/contentscript.js.map

If I run with a new and empty Firefox profile (default settings, no extensions, etc), I don't get those warnings, presumably because the default security/privacy settings aren't as strong. I get a different warning, though:

Some cookies are misusing the recommended “sameSite“ attribute 2
Cookie “_ga” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:28:486
Cookie “_gid” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Finally, there is also a warning on Chromium 83.0.4103.116, but it seems to be just a performance tip:

[Intervention] An <img> element was lazyloaded with loading=lazy, but had no dimensions specified. Specifying dimensions improves performance. See https://crbug.com/954323

Assuming that tests are made periodically, hopefully you can add Firefox and other major browsers like Safari too, to catch these early.

@gopherbot gopherbot added this to the Unreleased milestone Jul 5, 2020
@mvdan mvdan added the pkgsite label Jul 5, 2020
@mvdan
Copy link
Member Author

mvdan commented Jul 5, 2020

CC @julieqiu @jba

@julieqiu julieqiu added the NeedsFix The path to resolution is known, but the work has not been done. label Jul 6, 2020
@julieqiu julieqiu added NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. and removed NeedsFix The path to resolution is known, but the work has not been done. labels Aug 24, 2020
@julieqiu julieqiu modified the milestones: Unreleased, pkgsite/frontend Aug 24, 2020
@jamalc
Copy link

jamalc commented Feb 18, 2021

Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). contentscript.js:1:388681
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). 2 utils.js:35:9
Source map error: Error: NetworkError when attempting to fetch resource.
Resource URL: moz-extension://06bdf040-73e4-4e90-9c8a-e23635c79580/contentscript.js
Source Map URL: ../sourcemaps/contentscript.js.map

The CSP warnings look like they're coming from a browser extension and should have no affect pkg.go.dev.

Some cookies are misusing the recommended “sameSite“ attribute 2
Cookie “_ga” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:28:486
Cookie “_gid” will be soon rejected because it has the “sameSite” attribute set to “none” or an invalid value, without the “secure” attribute. To know more about the “sameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

The Google Analytics team was aware of the cookie issue and it has been fixed.

@jamalc jamalc closed this as completed Feb 18, 2021
@golang golang locked and limited conversation to collaborators Feb 18, 2022
@hyangah hyangah added the pkgsite/frontend Issues related to pkgsite HTML/CSS/JavaScript and frontend development label May 20, 2022
@rsc rsc unassigned jamalc Jun 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. pkgsite/frontend Issues related to pkgsite HTML/CSS/JavaScript and frontend development pkgsite
Projects
None yet
Development

No branches or pull requests

5 participants