Firefox script-loading errors

Funny how googling errors works. Trying to test Stripe.js locally (using ngrok to get https links)... In Firefox, I kept getting a CSP error: Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”).

Okay, I have a general understanding of CSP, but it was working in production, why not here?

One of the top search hits was a thread on the Redux DevTools repo. "Looks like this is a long standing bug with Firefox being too strict with CSP and applying the rules as well on scripts injected by extensions & bookmarklets.

My script isn't coming from an extension or bookmarklelt, but sure enough, when I switched over to Chrome and Safari, it works. Another wasted 2 hours, thanks to browser weirdness.

(This site best viewed in Netscape Navigator at 640 x 480.)

  • Firefox
  • browser wars
  • stripe.js
  • ngrok