Mediawiki with CSP producting 'Browser out of date' error for Chrome.
I have an issue on our Mediawiki 1.40.0 site where trying to edit a page in Edge/Chrome advises browser out of date. I can see we are getting a CSP error related to worker-src specifically about it being violated. Example CSP error is 'Refused to create a worker from 'blob:https://wiki.hostname.net/[Random UID here]' because it violates the following Content Security Policy directive: "worker-src blob:'. I have tried specifying blog however no luck and it still catches CSP if I use a source directive.
If I disable CSP the page still does a CAPTCHA check (Separate issue I have a ticket for) however it does work.
Has anyone come across this before?
1 Reply
Ok thats weird without any changes it's not throwing any CSP error now. Been testing page editing for the last hour and it's been doing it consistently...
Ok so it's started randomly happening again now!
Tried adding 'worker-src blob:;' again to CSP using Transform rules in CF and it seems to have fixed it at least in my testing. Not sure why this didn't work before, possibly a mistake is my CSP I guess