MozillaZine

Embedded twitter The media could not be played Fix

User Help for Mozilla Firefox
TheVisitor
 
Posts: 4694
Joined: May 13th, 2012, 10:43 am

Post Posted December 24th, 2017, 2:10 pm

The links posted here I can play by clicking on the 'sub-link' that was suggested. However I have seen other pages that do not have that link. Next time I see one I will post it here.[/quote]
Here's one: https://order-order.com/2017/12/19/dian ... christmas/[/quote]

OK, that one gives the 'media cannot be played' message. Works in latest Chrome, and will not work in Edge.

The Mechanic

User avatar
 
Posts: 877
Joined: December 24th, 2011, 10:29 am

Post Posted December 24th, 2017, 2:14 pm

Here's one:

Here's one: https://order-order.com/2017/12/19/dian ... christmas/



Indeed it is. Good catch. Actually there are many of them.

c627627

User avatar
 
Posts: 562
Joined: April 3rd, 2005, 12:58 pm
Location: Kansas

Post Posted December 24th, 2017, 2:15 pm

Okay guys, change about:config:
security.csp.enable
from true to FALSE to temporarily fix this official Firefox bug that won't be fixed until the next official Fx release.
Open the pod bay doors, Cortana.

The Mechanic

User avatar
 
Posts: 877
Joined: December 24th, 2011, 10:29 am

Post Posted December 24th, 2017, 2:26 pm

c627627 wrote:Okay guys, change about:config:
security.esp.enable
from true to FALSE to temporarily fix this official Firefox bug that won't be fixed until the next official Fx release.



Questions?

What, exactly, does switching this to off disable?

Next question. I am using the current Nightly. How long to I have to wait? :-)

Google is my friend but I am lazy. Please notice the 'smiley' above.

Gingerbread Man

User avatar
 
Posts: 7742
Joined: January 30th, 2007, 10:55 am

Post Posted December 24th, 2017, 2:32 pm

Luna C wrote:Gingerbread Man, that doesn't seem to work either.

I tested and with Header Editor, your link works just fine as does the original link posted earlier.

Anyway, you can disable CSP altogether, if embedded tweets are more important to you than security:
  1. Enter the following into the location bar:
    Code: Select all
    about:config?filter=security.csp.enable
  2. Press the big button to bypass the warning.
  3. In the search results, double-click security.csp.enable to set it to false.
The Tinsmith wrote:What, exactly, does switching this to off disable?

Content Security Policy (CSP) is a mechanism to help prevent websites from inadvertantly executing malicious content. A website specifies a CSP using an HTTP header sent from the server. The CSP is mostly concerned with specifying legitimate sources of various types of content, such as scripts or embedded plugins. For example, a website can use it to specify that the browser should only execute JavaScript served from the website itself, and not from any other sources. A CSP can also instruct the browser to disallow potentially unsafe practices, such as the use of eval().” —Mozilla Developer Network
The Tinsmith wrote:I am using the current Nightly. How long to I have to wait? :-)

Not only is no one working on the bug, but no one's decided if Firefox has the correct behavior or Chrome does. Most employees are on vacation until early January, so it'll probably be a while.

Vitesse
 
Posts: 1237
Joined: April 21st, 2011, 6:03 pm

Post Posted December 24th, 2017, 2:45 pm

c627627 wrote:Okay guys, change about:config:
security.csp.enable
from true to FALSE to temporarily fix this official Firefox bug that won't be fixed until the next official Fx release.

Thanks! =D>

The Mechanic

User avatar
 
Posts: 877
Joined: December 24th, 2011, 10:29 am

Post Posted December 24th, 2017, 2:54 pm

Not only is no one working on the bug, but no one's decided if Firefox has the correct behavior or Chrome does. Most employees are on vacation until early January, so it'll probably be a while.



Thank you. Your post, and there have been several in the thread, was most informative.

I never thought it was a good idea to have a nice home with good locks and not lock the door or turn on the alarm. :-)

Me? I choose to 'miss' the Twitter videos until those that know what they are doing solve it..

As for the devs and a holiday? I agree with that concept too. 110%

c627627

User avatar
 
Posts: 562
Joined: April 3rd, 2005, 12:58 pm
Location: Kansas

Post Posted December 24th, 2017, 4:47 pm

Gingerbread Man, I think I may have jumped the gun by interpreting that this is a bug.
First of all, is this it a legit bug in your opinion and in the opinion of senior members here?

I don't even have a twitter account, and don't actually care about twitter videos but the notion that videos that play on every other browser but Firefox just bothered me a little from the perspective of maybe it's harsh to plain cut off ALL of twitter videos?

I think this question is very relevant because if this is not a bug, then your way of enabling it is much better than blanket turn off of entire CSP. So would much appreciate an opinion about whether this is considered a bug? To me it sounds like a major bug not be able to play twitter videos and like I said I don't even have a twitter account, just common sense, I mean if by design they blocked all of twitter...!? Firefox should not lose users just because of that. I care that the trend of user base diminishing gets turned around. And Firefox is losing users exactly because of stuff like this.

It's nice they are all on vacation, but from a real world stand point, blocking ALL of twitter is a red alert bug because it impacts huge numbers of average users, even if we don't care about twitter.
Open the pod bay doors, Cortana.

The Mechanic

User avatar
 
Posts: 877
Joined: December 24th, 2011, 10:29 am

Post Posted December 24th, 2017, 5:06 pm

It's nice they are all on vacation, but from a real world stand point, blocking ALL of twitter is a red alert bug because it impacts huge numbers of average users, even if we don't care about twitter.



Excuse me for butt in?

Since I have a life can I assume that they have a have too?

And since the world will not end, or even hiccup, because of this 'disaster'!!! of a poorly configured website that will not display a simple video.? I don't care. Do you? Really? Write the fix code then. I grow so tired of the 'panic mode!!' stuff over 'who gives a damn' stuff.

As for the Devs? IMHO? Enjoy your holiday.

mightyglydd

User avatar
 
Posts: 9260
Joined: November 4th, 2006, 7:07 pm
Location: Hollywood Ca.

Post Posted December 24th, 2017, 6:04 pm

c627627 wrote: a red alert bug

This one?
Image
#KeepFightingMichael

c627627

User avatar
 
Posts: 562
Joined: April 3rd, 2005, 12:58 pm
Location: Kansas

Post Posted December 24th, 2017, 6:23 pm

No sir.
A much scarier one ↓ I don't even have a twitter account but know that %$#@! millennials use that thing on hourly bases. A browser that does not play twitter is not a browser any more to them.
But as was pointed out that this isn't even designated as a bug, maybe you are right that it doesn't matter.

> http://www.c627627.com/IMG/Other/BrowserStatistics.jpg
Last edited by LIMPET235 on December 24th, 2017, 10:44 pm, edited 1 time in total.
Reason: Image tags removed to restore the forum layout....again.
Open the pod bay doors, Cortana.

atlanto
 
Posts: 66
Joined: March 7th, 2015, 4:19 pm
Location: Japan

Post Posted December 24th, 2017, 6:46 pm

FWIW, though this may be off topic now, another way(not a solution) is
dom.workers.enabled;false

Since Chrome(Vivaldi) also detects CSP violation
>>
build.min.js:148 Refused to create a worker from 'blob:https://twitter.com/7a9bb74d-7d98-449f-95bb-bddb38ed7609' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'self' http://localhost:* http://localhost.twitter.com:* https://*.twitter.com https://*.twimg.com https://vine.co https://*.vine.co https://*.periscope.tv https://*.pscp.tv". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.
<<
There might be something difference of Worker implementation or something wrong in error handling of build.min.js or ...
I have no idea.

Frank Lion

User avatar
 
Posts: 20102
Joined: April 23rd, 2004, 6:59 pm
Location: ... The Exorcist....United Kingdom

Post Posted December 25th, 2017, 3:02 am

Image
Metal Lion latest SeaMonkey & Thunderbird Themes - Sea Monkey and Silver Sea Monkey
"The only thing necessary for the triumph of evil, is for good men to do nothing." - Edmund Burke (attrib.)

Gingerbread Man

User avatar
 
Posts: 7742
Joined: January 30th, 2007, 10:55 am

Post Posted December 25th, 2017, 3:28 pm

c627627 wrote:First of all, is this it a legit bug in your opinion and in the opinion of senior members here?

Twitter is instructing the browser to behave in a certain way. That behavior results in the videos failing to play when embedded on other sites. According to bug 1425672, comment 9, the CSP3 specification doesn't clarify whether Twitter is doing something wrong or Firefox is. The developers will sort it out later. Regardless of who's right, it could result in a change in the site, the browser, the specification, or all of the above.

c627627

User avatar
 
Posts: 562
Joined: April 3rd, 2005, 12:58 pm
Location: Kansas

Post Posted December 25th, 2017, 3:48 pm

Thank you.
And especially thank you for posting a solution that does not involve disabling all of security settings.
I have zero interest in twitter but am waiting to modify my Firefox images that my family uses based on whether Mozilla even considers this a problem. Would you mind posting here when you hear eventually if they think this is a problem, and if so when the fix would be coming? Because if this is not seen as a problem then your solution needs to be applied for anyone using twitter or similar services.
Open the pod bay doors, Cortana.

Return to Firefox Support


Who is online

Users browsing this forum: Bing [Bot] and 12 guests