Opened 4 years ago

Closed 4 years ago

#22357 closed defect (fixed)

Drop down menus are broken on Tor Browser download page

Reported by: arthuredelstein Owned by: arthuredelstein
Priority: Immediate Milestone:
Component: Webpages/Website Version:
Severity: Normal Keywords:
Cc: gk, boklm, hiro Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Jonathan Hao at Mozilla reported that the language drop-down menus for selecting a Tor Browser locale on are not working. I can confirm this on Chrome and Firefox.

Child Tickets

Change History (6)

comment:1 Changed 4 years ago by arthuredelstein

Cc: gk boklm added
Owner: changed from linda to arthuredelstein
Status: newaccepted

I noticed in the JS console that the following error is being reported:

Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”). Source: 
  function updateLang() {
    var calle....

Turns out CSP is being enforced and the website is not including "script-src 'unsafe-inline'", so the inline updateLang function doesn't run. Did our CSP get changed recently?

I wrote a patch that moves this inline function to an existing external JavaScript file instead. Unfortunately the bundle version numbers are stored in webml variables and these are only inserted in .html files. Therefore I introduced an invisible <span> in our .html file whose contents contain the version numbers. The updateLang function then parses these version numbers and inserts them into the links as needed.

Last edited 4 years ago by arthuredelstein (previous) (diff)

comment:2 Changed 4 years ago by arthuredelstein

Status: acceptedneeds_review

comment:3 Changed 4 years ago by arthuredelstein

Cc: hiro added

comment:4 Changed 4 years ago by arthuredelstein

Priority: MediumImmediate

comment:6 Changed 4 years ago by arma

Resolution: fixed
Status: needs_reviewclosed

Arthur likes it! I'm closing. Please reopen if something is busted.

Note: See TracTickets for help on using tickets.