Created attachment 278402 [details] blogger.png webkitgtk4-devel-2.12.2-2.fc24 With the following errors: Refused to load the script 'https://www.blogger.com/static/v1/gwt/deferredjs/C7B4B081968986544D7D8B6925D71A83/13.cache.js' because it violates the following Content Security Policy directive: "script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com".
So you think the bug is that *.blogger.com is listed in the CSP, but the resource is being refused anyway? I don't know much anything about CSP.
This is not happening on OS X. Whatever the issue is might be in code that is unique to SOUP or GTK.
(In reply to comment #2) > This is not happening on OS X. Whatever the issue is might be in code that > is unique to SOUP or GTK. Well it's of course possible, but certainly not the most likely solution... could it have been fixed in trunk after we branched? Dan, any chance this looks familiar?
(In reply to comment #3) > (In reply to comment #2) > > This is not happening on OS X. Whatever the issue is might be in code that > > is unique to SOUP or GTK. > > Well it's of course possible, but certainly not the most likely solution... > could it have been fixed in trunk after we branched? Dan, any chance this > looks familiar? Closing this bug as a duplicate of bug #156935. I suspect webkitgtk4-devel-2.12.2-2.fc24 does not contain <http://trac.webkit.org/changeset/200030>. If this is not the case and this issue still reproduces then please re-open this bug with the revision of WebKit used, reproduction steps and the full URL of the blogger.com page that this issue was observed on and any Web Inspector console messages that were emitted. If you can also provide the CSP policy of the page (if it differs from the policy mentioned in comment #0) that would be helpful. The CSP policy of the page may either be delivered via an HTTP header or via an HTML meta element. The former can be seen in the Resource side bar when the affected page is selected in the Resource view of the Web Inspector. The latter can be seen in the markup of the page. *** This bug has been marked as a duplicate of bug 156935 ***
(In reply to comment #4) > Closing this bug as a duplicate of bug #156935. I suspect > webkitgtk4-devel-2.12.2-2.fc24 does not contain > <http://trac.webkit.org/changeset/200030>. Correct. That commit was backported for 2.12.3, so Bastien please let us know if it's fixed in 2.12.3.
(In reply to comment #5) > (In reply to comment #4) > > Closing this bug as a duplicate of bug #156935. I suspect > > webkitgtk4-devel-2.12.2-2.fc24 does not contain > > <http://trac.webkit.org/changeset/200030>. > > Correct. That commit was backported for 2.12.3, so Bastien please let us > know if it's fixed in 2.12.3. Yep, that fixed it, thanks.