<rdar://problem/134436437>

I can't reproduce this on 282561@main. Both icons and names show up fine. Maybe we've progressed since stp 201?

I just tried on STP 201 and see all OneDrive icons as expected. @laiz+webkit@laiz.xyz: Are you still seeing this behavior? If you are, would you be willing to share any WebInspector console errors being generated? Do you happen to have any content blocker of other extensions installed?

I tested on macOS 14.5 and macOS 15.0 Beta with STP 201 and could not reproduce. I'm updating a system to macOS 14.6.1 to match the reporter as a final check.

(In reply to Brent Fulgham from comment #3) > I just tried on STP 201 and see all OneDrive icons as expected. > > @laiz+webkit@laiz.xyz: Are you still seeing this behavior? If you are, would > you be willing to share any WebInspector console errors being generated? > > Do you happen to have any content blocker of other extensions installed? Hey Brent, thank you for looking into this. I currently do not have any extensions installed and both Safari and Safari TP should be running default settings across the board. I must admit there is one potential issue the significance of which I cannot comment on as I have only limited exposure to Microsoft and OneDrive. I noticed that when I access OneDrive on either my university or work account, the url is *-my.sharepoint.com/my . I am not sure if Microsoft has completely replaced their OneDrive branding with Sharepoint (the page header at the top still says OneDrive, however.) Nevertheless, here are the console errors that are printed when I attempt to view 'My Files' on OneDrive/Sharepoint: [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724865711297&time-delta-to-apply-millis=use-collector-delta because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724865711297&time-delta-to-apply-millis=use-collector-delta because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724865712301&time-delta-to-apply-millis=30 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724865712301&time-delta-to-apply-millis=30 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://ac0565d4e0034c4163d080fe84c8ba97.fp.measure.office.com/apc/trans.gif?8b36113a09d80667d9f781d711e7d818 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://ac0565d4e0034c4163d080fe84c8ba97.fp.measure.office.com/apc/trans.gif?8b36113a09d80667d9f781d711e7d818 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://ac0565d4e0034c4163d080fe84c8ba97.fp.measure.office.com/apc/trans.gif?2c9565377617f900b78707e9e7541bac because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://ac0565d4e0034c4163d080fe84c8ba97.fp.measure.office.com/apc/trans.gif?2c9565377617f900b78707e9e7541bac because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://outlook.office365.com/apc/trans.gif?8432c491363df3af8c3f47ed8ea19a7d because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://outlook.office365.com/apc/trans.gif?8432c491363df3af8c3f47ed8ea19a7d because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://outlook.office365.com/apc/trans.gif?32dac34e961420a87d9b85db51bd1c74 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://outlook.office365.com/apc/trans.gif?32dac34e961420a87d9b85db51bd1c74 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://outlook.office.com/apc/trans.gif?287703ff284a234a5fcca43bb313e2b3 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://outlook.office.com/apc/trans.gif?287703ff284a234a5fcca43bb313e2b3 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://outlook.office.com/apc/trans.gif?949ae574d86103656067478a0a3b7355 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://outlook.office.com/apc/trans.gif?949ae574d86103656067478a0a3b7355 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724865771893&time-delta-to-apply-millis=30 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724865771893&time-delta-to-apply-millis=30 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724865826268&time-delta-to-apply-millis=30 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724865826268&time-delta-to-apply-millis=30 because it does not appear in the connect-src directive of the Content Security Policy. [Error] Unhandled Promise Rejection: TypeError: null is not an object (evaluating 't.fci') (anonymous function) (odblightspeedwebpack.js:120:21136) [Error] Not allowed to request resource (anonymous function) (odblightspeedwebpack.js:120:3924) Promise (anonymous function) (odblightspeedwebpack.js:120:3820) (anonymous function) (256.js:1:45711) (anonymous function) (256.js:1:42426) map (anonymous function) (256.js:1:42377) (anonymous function) (tslib-e9cf7774.js:2:3417) o (tslib-e9cf7774.js:2:2264) [Error] Fetch API cannot load http://localhost:42050/3TfKeLYfj6gI4vhmU41CyAIR8i5b8FTGhGhXWjrF1jc/Sync/Lists due to access control checks. (anonymous function) (odblightspeedwebpack.js:120:3924) Promise (anonymous function) (odblightspeedwebpack.js:120:3820) (anonymous function) (256.js:1:45711) (anonymous function) (256.js:1:42426) map (anonymous function) (256.js:1:42377) (anonymous function) (tslib-e9cf7774.js:2:3417) o (tslib-e9cf7774.js:2:2264) [Error] Not allowed to request resource (anonymous function) (odblightspeedwebpack.js:120:3924) Promise (anonymous function) (odblightspeedwebpack.js:120:3820) (anonymous function) (256.js:1:45711) (anonymous function) (256.js:1:42426) map (anonymous function) (256.js:1:42377) (anonymous function) (tslib-e9cf7774.js:2:3417) o (tslib-e9cf7774.js:2:2264) [Error] Fetch API cannot load http://localhost:42050/9XvJUQ3PaZPUhM9PEMqYuiS7vQEFhgwl3kGBqPJVw/Sync/Lists due to access control checks. (anonymous function) (odblightspeedwebpack.js:120:3924) Promise (anonymous function) (odblightspeedwebpack.js:120:3820) (anonymous function) (256.js:1:45711) (anonymous function) (256.js:1:42426) map (anonymous function) (256.js:1:42377) (anonymous function) (tslib-e9cf7774.js:2:3417) o (tslib-e9cf7774.js:2:2264) [Error] [Report Only] Refused to connect to https://config.fp.measure.office.com/conf/v2/o365se/fpconfig.min.json?monitorId=O365se because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://config.fp.measure.office.com/conf/v2/o365se/fpconfig.min.json?monitorId=O365se because it does not appear in the connect-src directive of the Content Security Policy. [Error] Source Map loading errors (x2) [Error] Failed to load resource: the server responded with a status of 404 () (meInlineBackCompat.min.js.map, line 0) [Error] Failed to load resource: the server responded with a status of 404 () (meInlineBackCompat.min.js.map, line 0) [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724865828661&time-delta-to-apply-millis=use-collector-delta because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724865828661&time-delta-to-apply-millis=use-collector-delta because it does not appear in the connect-src directive of the Content Security Policy. [Error] Failed to load resource: the server responded with a status of 401 (Unauthorized) (sso, line 0) [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724865829664&time-delta-to-apply-millis=25 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724865829664&time-delta-to-apply-millis=25 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://cf6b97cd9ec15a757eb549a39bd4d3ab.fp.measure.office.com/apc/trans.gif?268150429a487282a5435232f8e084e5 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://cf6b97cd9ec15a757eb549a39bd4d3ab.fp.measure.office.com/apc/trans.gif?268150429a487282a5435232f8e084e5 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://cf6b97cd9ec15a757eb549a39bd4d3ab.fp.measure.office.com/apc/trans.gif?2ac2caad073e3eb5fd23c05cfc54041a because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://cf6b97cd9ec15a757eb549a39bd4d3ab.fp.measure.office.com/apc/trans.gif?2ac2caad073e3eb5fd23c05cfc54041a because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://outlook.office365.com/apc/trans.gif?995ada535c92a5afb0381914174e4b01 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://outlook.office365.com/apc/trans.gif?995ada535c92a5afb0381914174e4b01 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://outlook.office365.com/apc/trans.gif?dd5a9626dab1431230bf205e70d8b822 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://outlook.office365.com/apc/trans.gif?dd5a9626dab1431230bf205e70d8b822 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://tr-ooc-atm.office.com/apc/trans.gif?e3dbae63b27a16c3f075829470703de1 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://tr-ooc-atm.office.com/apc/trans.gif?e3dbae63b27a16c3f075829470703de1 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://tr-ooc-atm.office.com/apc/trans.gif?d6493f340c0066308939a88a45a08f51 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://tr-ooc-atm.office.com/apc/trans.gif?d6493f340c0066308939a88a45a08f51 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724865889263&time-delta-to-apply-millis=25 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724865889263&time-delta-to-apply-millis=25 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy.

I updated my macOS 14.5 computer to 14.6.1, and with STP 201 I still do not see this error. However, I do notice that the reporter is seeing lots of EU origins in the error messages, which I do not. I wonder if there is some difference based on CDN or locale.

(In reply to laiz+webkit from comment #5) > thank you for looking into this. I currently do not have any extensions > installed and both Safari and Safari TP should be running default settings > across the board. Thank you for confirming. That matches my setup, so I'm at least looking at the right thing. > > I must admit there is one potential issue the significance of which I cannot > comment on as I have only limited exposure to Microsoft and OneDrive. I > noticed that when I access OneDrive on either my university or work account, > the url is *-my.sharepoint.com/my . I am not sure if Microsoft has > completely replaced their OneDrive branding with Sharepoint (the page header > at the top still says OneDrive, however.) That is interesting. I do not see any Sharepoint origins in my console. I wonder if that is somehow related to the issue. I'll reach out to some EU WebKit folks to see if they can reproduce what you are seeing.

I wonder if this is the issue: [Error] Fetch API cannot load http://localhost:42050/9XvJUQ3PaZPUhM9PEMqYuiS7vQEFhgwl3kGBqPJVw/Sync/Lists due to access control checks. @laiz+webkit@laiz.xyz: Do you see Fetch API errors like this when you run with the stock Safari in 14.6.1? I wonder if a security change is triggering an error that has the visual result of stopping these icons from showing.

(In reply to Brent Fulgham from comment #8) > I wonder if this is the issue: > [Error] Fetch API cannot load > http://localhost:42050/9XvJUQ3PaZPUhM9PEMqYuiS7vQEFhgwl3kGBqPJVw/Sync/Lists > due to access control checks. > > @laiz+webkit@laiz.xyz: Do you see Fetch API errors like this when you run > with the stock Safari in 14.6.1? I wonder if a security change is triggering > an error that has the visual result of stopping these icons from showing. The fetch API errors seem to still be there. The following is the error log from Safari Version 17.6 (19618.3.11.11.5) on which everything works as expected. [Error] Source Map loading errors (x3) [Error] Failed to load resource: the server responded with a status of 404 () (meInlineBackCompat.min.js.map, line 0) [Error] Failed to load resource: the server responded with a status of 404 () (meInlineBackCompat.min.js.map, line 0) [Error] Failed to load resource: the server responded with a status of 404 () (meInlineBackCompat.min.js.map, line 0) [Error] Failed to load resource: the server responded with a status of 401 (Unauthorized) (sso, line 0) [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724869590021&time-delta-to-apply-millis=use-collector-delta because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724869590021&time-delta-to-apply-millis=use-collector-delta because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724869591025&time-delta-to-apply-millis=373 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724869591025&time-delta-to-apply-millis=373 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://8e3be35791f8129add58ef4e14ace488.fp.measure.office.com/apc/trans.gif?ce0301d0a3fcb18f25f696328cb5536c because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://8e3be35791f8129add58ef4e14ace488.fp.measure.office.com/apc/trans.gif?ce0301d0a3fcb18f25f696328cb5536c because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://8e3be35791f8129add58ef4e14ace488.fp.measure.office.com/apc/trans.gif?ae0753001125fab1ed0f9d006fb52864 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://8e3be35791f8129add58ef4e14ace488.fp.measure.office.com/apc/trans.gif?ae0753001125fab1ed0f9d006fb52864 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://outlook.office365.com/apc/trans.gif?541f8f905479f517f3fab4e13fe40bc6 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://outlook.office365.com/apc/trans.gif?541f8f905479f517f3fab4e13fe40bc6 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://outlook.office365.com/apc/trans.gif?ae911ddf5459978aa895b801d7f4be6a because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://outlook.office365.com/apc/trans.gif?ae911ddf5459978aa895b801d7f4be6a because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://tr-ooc-atm.office.com/apc/trans.gif?b8f58e5ce9d258bf02799554efa1f40d because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://tr-ooc-atm.office.com/apc/trans.gif?b8f58e5ce9d258bf02799554efa1f40d because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://tr-ooc-atm.office.com/apc/trans.gif?eec81c4d846e73e4ed817d858fa16ba9 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://tr-ooc-atm.office.com/apc/trans.gif?eec81c4d846e73e4ed817d858fa16ba9 because it does not appear in the connect-src directive of the Content Security Policy. [Error] Failed to load resource: the server responded with a status of 401 (Unauthorized) (sso, line 0) [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.17&apikey=b0c82c6598ad49f3848b1d3dc0d8dd25-299cbfe9-b72e-4e9d-a5e3-20319efba5b5-7268&upload-time=1724869608519&time-delta-to-apply-millis=77&w=2&NoResponseBody=true because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724869608523&time-delta-to-apply-millis=373 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.17&apikey=b0c82c6598ad49f3848b1d3dc0d8dd25-299cbfe9-b72e-4e9d-a5e3-20319efba5b5-7268&upload-time=1724869608519&time-delta-to-apply-millis=77&w=2&NoResponseBody=true because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724869608523&time-delta-to-apply-millis=373 because it does not appear in the connect-src directive of the Content Security Policy. [Error] Not allowed to request resource (anonymous function) (odblightspeedwebpack.js:120:3924) Promise (anonymous function) (odblightspeedwebpack.js:120:3820) (anonymous function) (256.js:1:45711) (anonymous function) (256.js:1:42426) map (anonymous function) (256.js:1:42377) (anonymous function) (tslib-e9cf7774.js:2:3417) o (tslib-e9cf7774.js:2:2264) [Error] Fetch API cannot load http://localhost:42050/3TfKeLYfj6gI4vhmU41CyAIR8i5b8FTGhGhXWjrF1jc/Sync/Lists due to access control checks. (anonymous function) (odblightspeedwebpack.js:120:3924) Promise (anonymous function) (odblightspeedwebpack.js:120:3820) (anonymous function) (256.js:1:45711) (anonymous function) (256.js:1:42426) map (anonymous function) (256.js:1:42377) (anonymous function) (tslib-e9cf7774.js:2:3417) o (tslib-e9cf7774.js:2:2264) [Error] Not allowed to request resource (anonymous function) (odblightspeedwebpack.js:120:3924) Promise (anonymous function) (odblightspeedwebpack.js:120:3820) (anonymous function) (256.js:1:45711) (anonymous function) (256.js:1:42426) map (anonymous function) (256.js:1:42377) (anonymous function) (tslib-e9cf7774.js:2:3417) o (tslib-e9cf7774.js:2:2264) [Error] Fetch API cannot load http://localhost:42050/9XvJUQ3PaZPUhM9PEMqYuiS7vQEFhgwl3kGBqPJVw/Sync/Lists due to access control checks. (anonymous function) (odblightspeedwebpack.js:120:3924) Promise (anonymous function) (odblightspeedwebpack.js:120:3820) (anonymous function) (256.js:1:45711) (anonymous function) (256.js:1:42426) map (anonymous function) (256.js:1:42377) (anonymous function) (tslib-e9cf7774.js:2:3417) o (tslib-e9cf7774.js:2:2264) [Error] Unhandled Promise Rejection: TypeError: null is not an object (evaluating 't.fci') (anonymous function) (odblightspeedwebpack.js:120:21136) [Error] [Report Only] Refused to connect to https://config.fp.measure.office.com/conf/v2/o365se/fpconfig.min.json?monitorId=O365se because it does not appear in the connect-src directive of the Content Security Policy. [Error] Failed to load resource: the server responded with a status of 401 (Unauthorized) (sso, line 0) [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724869611179&time-delta-to-apply-millis=use-collector-delta because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724869611179&time-delta-to-apply-millis=use-collector-delta because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724869612187&time-delta-to-apply-millis=77 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724869612187&time-delta-to-apply-millis=77 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://4142a2fb1dc016c667fd8029d4847264.fp.measure.office.com/apc/trans.gif?b344934f84705f7f3b7cdc1e69f75260 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://4142a2fb1dc016c667fd8029d4847264.fp.measure.office.com/apc/trans.gif?b344934f84705f7f3b7cdc1e69f75260 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://4142a2fb1dc016c667fd8029d4847264.fp.measure.office.com/apc/trans.gif?e29b60647f7a765d1a3b5c27d53ca23e because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://4142a2fb1dc016c667fd8029d4847264.fp.measure.office.com/apc/trans.gif?e29b60647f7a765d1a3b5c27d53ca23e because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://graph-next.fp.measure.office.com/apc/trans.gif?e73de2a85ef18f5e319b2e1474b2f737 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://graph-next.fp.measure.office.com/apc/trans.gif?e73de2a85ef18f5e319b2e1474b2f737 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://graph-next.fp.measure.office.com/apc/trans.gif?177f89a82f490c820cd6cd76a897b853 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://graph-next.fp.measure.office.com/apc/trans.gif?177f89a82f490c820cd6cd76a897b853 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://tr-ofc-atm.office.com/apc/trans.gif?6e6c87f69edd7204ae13a8da7cfbfb45 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://tr-ofc-atm.office.com/apc/trans.gif?6e6c87f69edd7204ae13a8da7cfbfb45 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://tr-ofc-atm.office.com/apc/trans.gif?f189f3372c839a075d0f582a4ebd63ef because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://tr-ofc-atm.office.com/apc/trans.gif?f189f3372c839a075d0f582a4ebd63ef because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.17&apikey=b0c82c6598ad49f3848b1d3dc0d8dd25-299cbfe9-b72e-4e9d-a5e3-20319efba5b5-7268&upload-time=1724869670000&time-delta-to-apply-millis=73&w=2&NoResponseBody=true because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.17&apikey=b0c82c6598ad49f3848b1d3dc0d8dd25-299cbfe9-b72e-4e9d-a5e3-20319efba5b5-7268&upload-time=1724869670000&time-delta-to-apply-millis=73&w=2&NoResponseBody=true because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724869672097&time-delta-to-apply-millis=77 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724869672097&time-delta-to-apply-millis=77 because it does not appear in the connect-src directive of the Content Security Policy.

I can NOT reproduce it from Japan testing on * STP 201 * with the domain https://onedrive.live.com/ (not a sharepoint hosted version) As for the log ``` [Info] Successfully preconnected to https://res-1.cdn.office.net/ [Log] Session ID: – "***" (plt.listviewdataprefetch.js, line 71) [Log] Time in UTC: – "Thu, 29 Aug 2024 00:22:14 GMT" (plt.listviewdataprefetch.js, line 71) [Log] [SPWebWorker] : processed 4 message event(s) from queue. (spwebworker.js, line 9) [Warning] Some icons were re-registered. Applications should only call registerIcons for any given icon once. Redefining what an icon is may have unintended consequences. Duplicates include: (67.js, line 143) emptyFolder, emptyFolderWithDrop, emptyFolder, emptyFolderWithDrop, svg/access_16x1.svg, png/access_16x1.png, svg/delve_16x1.svg, png/delve_16x1.png, svg/excel_16x1.svg, png/excel_16x1.png (+ 262 more) [Error] Unhandled Promise Rejection: TypeError: null is not an object (evaluating 't.fci') (anonymous function) (plt.listviewdataprefetch.js:51:21466) [Error] Failed to load resource: the server responded with a status of 500 (Internal Server Error) (GetUserInfo, line 0) [Warning] Promise with no error callback:2 (plt.listviewdataprefetch.js, line 47) [Log] {exception: null, error: Object, promise: e, handler: undefined, id: 2, …} (plt.listviewdataprefetch.js, line 47) [Info] Successfully preconnected to https://res.cdn.office.net/ [Error] Source Map loading errors (x2) [Error] Failed to load resource: the server responded with a status of 404 () (meInlineBackCompat.min.js.map, line 0) [Error] Failed to load resource: the server responded with a status of 404 () (meInlineBackCompat.min.js.map, line 0) ``` the t.fci error is visible in my case too. So that seems irrelevant for the bug. @laiz+webkit@laiz.xyz I see only error messages and no warnings and logs in your console report. Do you have only Error selected at the top of the console? in my log one interesting message is ``` [Warning] Some icons were re-registered. Applications should only call registerIcons for any given icon once. Redefining what an icon is may have unintended consequences. Duplicates include: (67.js, line 143) emptyFolder, emptyFolderWithDrop, emptyFolder, emptyFolderWithDrop, svg/access_16x1.svg, png/access_16x1.png, svg/delve_16x1.svg, png/delve_16x1.png, svg/excel_16x1.svg, png/excel_16x1.png (+ 262 more) ``` The warning is coming from https://res-1.cdn.office.net/files/odsp-web-prod_2024-08-16.002/odclightspeedwebpack.manifest/67.js ``` function Ye(e) { var t = void 0, n = Ge.__options; if (e = e ? We(e) : "", e = Ge.__remapped[e] || e) if (t = Ge[e]) { var i = t.subset; i && i.fontFace && (i.isRegistered || ((0, ze.a)(i.fontFace), i.isRegistered = !0), i.className || (i.className = (0, a.b)(i.style, { fontFamily: i.fontFace.fontFamily, fontWeight: i.fontFace.fontWeight || "normal", fontStyle: i.fontFace.fontStyle || "normal" }))) } else !n.disableWarnings && n.warnOnMissingIcons && (0, Ve.a)('The icon "'.concat(e, '" was used but not registered. See https://github.com/microsoft/fluentui/wiki/Using-icons for more information.')); return t } ``` and ``` var Je = [], Xe = void 0; function Ze(e) { Ge.__options.disableWarnings || (Je.push(e), void 0 === Xe && (Xe = setTimeout(function() { (0, Ve.a)("Some icons were re-registered. Applications should only call registerIcons for any given icon once. Redefining what an icon is may have unintended consequences. Duplicates include: \n" + Je.slice(0, 10).join(", ") + (Je.length > 10 ? " (+ ".concat(Je.length - 10, " more)") : "")), Xe = void 0, Je = [] }, 2e3))) } ``` if I set a breakpoint and I go step by step ``` [Warning] The icon "chevrondownmed" was used but not registered. See https://github.com/microsoft/fluentui/wiki/Using-icons for more information. (67.js, line 143) [Warning] The icon "chevrondownmed" was used but not registered. See https://github.com/microsoft/fluentui/wiki/Using-icons for more information. (67.js, line 143, x4) … etc. ``` That said my icons are *displayed*. Also the link https://github.com/microsoft/fluentui/wiki/Using-icons is not relevant anymore. Maybe the modern version is https://react.fluentui.dev/?path=/docs/icons-overview--docs I also do not have all the CSP errors displayed above.

@laiz+webkit@laiz.xyz 1. could you find another user in your org with the same access to onedrive and see if they can reproduce with STP 201. 2. you said it was working on Safari Version 17.6, so on STP 201, Could you (THIS WILL ERASE ALL YOUR LOGIN INFO) 2.1 Open STP 201 Settings 2.2 Go to Privacy 2.3 Click on Manage Website Data… 2.4 search for live.com, select live.com, and Click Remove 2.5 Same thing for microsoft.com, office.com, office365.com This is destructive of your local data and login. So you have to make sure that you have your login/password AND that local work is sync to the server. And you can try again. In your console log, there are also messages to local resources such as, which would lead to a misconfiguration. [Error] Fetch API cannot load http://localhost:42050/3TfKeLYfj6gI4vhmU41CyAIR8i5b8FTGhGhXWjrF1jc/Sync/Lists due to access control checks.

(In reply to Karl Dubost from comment #11) > @laiz+webkit@laiz.xyz > > 1. could you find another user in your org with the same access to onedrive > and see if they can reproduce with STP 201. Unfortunately I am the *only* person (to my knowledge) in my organizations who uses a Mac. > 2. you said it was working on Safari Version 17.6, > so on STP 201, Could you (THIS WILL ERASE ALL YOUR LOGIN INFO) > > 2.1 Open STP 201 Settings > 2.2 Go to Privacy > 2.3 Click on Manage Website Data… > 2.4 search for live.com, select live.com, and Click Remove > 2.5 Same thing for microsoft.com, office.com, office365.com > > This is destructive of your local data and login. So you have to make sure > that you have your login/password AND that local work is sync to the server. > And you can try again. This did not solve the issue. > > In your console log, there are also messages to local resources such as, > which would lead to a misconfiguration. > > > [Error] Fetch API cannot load > http://localhost:42050/3TfKeLYfj6gI4vhmU41CyAIR8i5b8FTGhGhXWjrF1jc/Sync/ > Lists due to access control checks. I am also confused by these localhost resources as no configuration towards anything like that has been done by me. It is curious how both organizations I am part of (a university with thousands of students, staff etc.) and a small municipality on the other side of the country with less than a hundred users have similar localhost errors/warnings in the logs. >I see only error messages and no warnings and logs in your console report. >Do you have only Error selected at the top of the console? See below for the full console log. The prior ones were indeed only errors as that is what was requested, apologies for that miscommunication. [Error] Source Map loading errors (x3) [Error] Failed to load resource: the server responded with a status of 404 () (meInlineBackCompat.min.js.map, line 0) [Error] Failed to load resource: the server responded with a status of 404 () (meInlineBackCompat.min.js.map, line 0) [Error] Failed to load resource: the server responded with a status of 404 () (meInlineBackCompat.min.js.map, line 0) [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724927847515&time-delta-to-apply-millis=use-collector-delta because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724927847515&time-delta-to-apply-millis=use-collector-delta because it does not appear in the connect-src directive of the Content Security Policy. [Warning] Some icons were re-registered. Applications should only call registerIcons for any given icon once. Redefining what an icon is may have unintended consequences. Duplicates include: (fui.util-153996e1.js, line 1) emptyFolder, emptyFolderWithDrop, emptyFolder, emptyFolderWithDrop, AddToPlaylistIcon, CopilotIcon, VisuallyImpaired [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724927848520&time-delta-to-apply-millis=214 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724927848520&time-delta-to-apply-millis=214 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.17&apikey=b0c82c6598ad49f3848b1d3dc0d8dd25-299cbfe9-b72e-4e9d-a5e3-20319efba5b5-7268&upload-time=1724927853013&time-delta-to-apply-millis=202&w=2&NoResponseBody=true because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724927853017&time-delta-to-apply-millis=214 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.17&apikey=b0c82c6598ad49f3848b1d3dc0d8dd25-299cbfe9-b72e-4e9d-a5e3-20319efba5b5-7268&upload-time=1724927853013&time-delta-to-apply-millis=202&w=2&NoResponseBody=true because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724927853017&time-delta-to-apply-millis=214 because it does not appear in the connect-src directive of the Content Security Policy. [Info] Successfully preconnected to https://res-1.cdn.office.net/ [Warning] Parsing application manifest https://(myorganization)-my.sharepoint.com/_layouts/15/spwebappmanifest.ashx?app=OneDrive: The value of shortcuts is not a valid array. [Log] Not one page nav, startPrefetch (plt.listviewdataprefetch.js, line 88) [Log] Session ID: – "00000000-0000-0000-0000-000000000000" (odblightspeedwebpack.js, line 675) [Log] Time in UTC: – "Thu, 29 Aug 2024 10:37:33 GMT" (odblightspeedwebpack.js, line 675) [Error] Unhandled Promise Rejection: TypeError: null is not an object (evaluating 't.fci') (anonymous function) (odblightspeedwebpack.js:120:21136) [Log] Session ID: – "475ed223-3f27-4f56-bac0-6193b2377c25" (spartanlistpostpltworker.js, line 7) [Log] Time in UTC: – "Thu, 29 Aug 2024 10:37:33 GMT" (spartanlistpostpltworker.js, line 7) [Info] Successfully preconnected to https://res.cdn.office.net/ [Error] [Report Only] Refused to connect to https://config.fp.measure.office.com/conf/v2/o365se/fpconfig.min.json?monitorId=O365se because it does not appear in the connect-src directive of the Content Security Policy. [Warning] [blocked] The page at https://(myorganization)-my.sharepoint.com/my requested insecure content from http://localhost:42050/D9OqlOeYoV3cbnzA6S8LKIqhxRDmMCphxDq4MH4Q/Sync/Lists. This content was blocked and must (odblightspeedwebpack.js, line 120) [Error] Not allowed to request resource (anonymous function) (odblightspeedwebpack.js:120:3924) Promise (anonymous function) (odblightspeedwebpack.js:120:3820) (anonymous function) (256.js:1:45711) (anonymous function) (256.js:1:42426) map (anonymous function) (256.js:1:42377) (anonymous function) (tslib-e9cf7774.js:2:3417) o (tslib-e9cf7774.js:2:2264) [Error] Fetch API cannot load http://localhost:42050/D9OqlOeYoV3cbnzA6S8LKIqhxRDmMCphxDq4MH4Q/Sync/Lists due to access control checks. (anonymous function) (odblightspeedwebpack.js:120:3924) Promise (anonymous function) (odblightspeedwebpack.js:120:3820) (anonymous function) (256.js:1:45711) (anonymous function) (256.js:1:42426) map (anonymous function) (256.js:1:42377) (anonymous function) (tslib-e9cf7774.js:2:3417) o (tslib-e9cf7774.js:2:2264) [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724927855072&time-delta-to-apply-millis=use-collector-delta because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724927855072&time-delta-to-apply-millis=use-collector-delta because it does not appear in the connect-src directive of the Content Security Policy. [Warning] Some icons were re-registered. Applications should only call registerIcons for any given icon once. Redefining what an icon is may have unintended consequences. Duplicates include: (fui.util-153996e1.js, line 1) emptyFolder, emptyFolderWithDrop, emptyFolder, emptyFolderWithDrop, AddToPlaylistIcon, CopilotIcon, VisuallyImpaired [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724927856078&time-delta-to-apply-millis=17 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724927856078&time-delta-to-apply-millis=17 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&w=2 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://9b41e89bce7082ecd790c29aad8d5a99.fp.measure.office.com/apc/trans.gif?6823170e71fea5ad637e37f4b6e54bf0 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://9b41e89bce7082ecd790c29aad8d5a99.fp.measure.office.com/apc/trans.gif?6823170e71fea5ad637e37f4b6e54bf0 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://9b41e89bce7082ecd790c29aad8d5a99.fp.measure.office.com/apc/trans.gif?d9df98e32a864682f8722e6464782e23 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://9b41e89bce7082ecd790c29aad8d5a99.fp.measure.office.com/apc/trans.gif?d9df98e32a864682f8722e6464782e23 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://outlook.office.com/apc/trans.gif?0c7fa157639a39df123c6852cf5cc87f because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://outlook.office.com/apc/trans.gif?0c7fa157639a39df123c6852cf5cc87f because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://outlook.office.com/apc/trans.gif?3c2a61503f7846ad2ad107a29989d112 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://outlook.office.com/apc/trans.gif?3c2a61503f7846ad2ad107a29989d112 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://tr-ooc-fs.office.com/apc/trans.gif?96f48578c8201d912575c0ccbaefe6d3 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://tr-ooc-fs.office.com/apc/trans.gif?96f48578c8201d912575c0ccbaefe6d3 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://tr-ooc-fs.office.com/apc/trans.gif?81aa6b981a295652fb86544176c68cbc because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://tr-ooc-fs.office.com/apc/trans.gif?81aa6b981a295652fb86544176c68cbc because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.17&apikey=b0c82c6598ad49f3848b1d3dc0d8dd25-299cbfe9-b72e-4e9d-a5e3-20319efba5b5-7268&upload-time=1724927914037&time-delta-to-apply-millis=13&w=2&NoResponseBody=true because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-office.events.data.microsoft.com/OneCollector/1.0/?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.17&apikey=b0c82c6598ad49f3848b1d3dc0d8dd25-299cbfe9-b72e-4e9d-a5e3-20319efba5b5-7268&upload-time=1724927914037&time-delta-to-apply-millis=13&w=2&NoResponseBody=true because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724927916211&time-delta-to-apply-millis=17 because it does not appear in the connect-src directive of the Content Security Policy. [Error] [Report Only] Refused to connect to https://eu-mobile.events.data.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-JS-1.8.6&content-encoding=base64&x-apikey=21d9f63f7fbc4707beb42a3e1e4917be-40627a7f-071b-46d1-9227-3715668b8b52-7162&client-time-epoch-millis=1724927916211&time-delta-to-apply-millis=17 because it does not appear in the connect-src directive of the Content Security Policy.

Created attachment 472364 [details] rendering in safari STP 202 OK lucky! I'm kind of reproducing on https://onedrive.live.com/?id=root&cid=61C66B9F1F961172&qt=mru It took almost one minute before the icons and names show up. On the screenshot of the report this is not only icons, the names are not there too. So when inspecting the content as soon as I'm selecting in the Web Inspector, the image element, the full line appears or kind of. The line is an SVG file, but this is not specific to the image. Ok it really looks like a layout and rendering issue now. :) because the content is here, but it can disappear and appears completely when activating/deactivating CSS properties.

I was able to reproduce this bug on the "Home," tab but not quite the "My Files," tab but they appear to be the same issue. My current theory is that this has something to do with content-visibility because an ancestor which contains the contents of the list/rows has content-visibility: auto and toggling that off seems to cause the content to reappear. Stepping in the debugger it also seems to reveal we are skipping layout for these renderers due to isSkippedContentForLayout()

@laiz+webkit@laiz.xyz: could you please try disabling "CSS Content Visibility," via Safari Settings > Feature Flags, refresh, and see if that makes the content reappear? That should help me determine whether or not I am on the right track towards finding the source of the bug

(In reply to Sammy Gill from comment #15) > @laiz+webkit@laiz.xyz: could you please try disabling "CSS Content > Visibility," via Safari Settings > Feature Flags, refresh, and see if that > makes the content reappear? That should help me determine whether or not I > am on the right track towards finding the source of the bug I am happy to report that indeed makes the content reappear, and everything seems to work as expected.

Created attachment 472472 [details] Testcase Reduced testcase

Relevant spec issue: https://github.com/w3c/csswg-drafts/issues/10848

Pull request: https://github.com/WebKit/WebKit/pull/33273

Committed 283345@main (76f7fe96cdbb): <https://commits.webkit.org/283345@main> Reviewed commits have been landed. Closing PR #33273 and removing active labels.

Committed 283286.9@safari-7620-branch (5799c125d4e0): <https://commits.webkit.org/283286.9@safari-7620-branch> Reviewed commits have been landed. Closing PR #1722 and removing active labels.

Committed 280938.324@safari-7619-branch (f77c08f58187): <https://commits.webkit.org/280938.324@safari-7619-branch> Reviewed commits have been landed. Closing PR #1740 and removing active labels.