admin管理员组

文章数量:1391943

I am running into an issue with a eCommerce website that appears to work fine on desktop and Android browsers, however when loading the site on a Apple based device with Safari it is breaking some other javascript functionality that the page uses (e.g such as jQuery performing a page-reload on changing an option from a 'Sort By' dropdown menu.

I don't have an actual iOS phone to test but have put the website in question into an iOS simulator running an 'iPhone 16' with Safari and enabled debugging so I can view the console errors directly on my Mac Mini. Note - these issues ONLY happen on iOS devices with Safari and not Android (also no issues with regular desktop browsers).

When loading a particular category page I am getting the following error within the simulator console (note I have changed the site url for security reasons)

Refused to load .html?origin=https%3A%2F%2Fwww.mysite  because it does not appear in the frame-src directive of the Content Security Policy.
Refused to load .html?origin=https%3A%2F%2Fwww.mysite&1p=1 because it does not appear in the frame-src directive of the Content Security Policy.

Would this require me to alter some Content Security Policy (CSP) settings to take this into account properly? I am not too familiar with CSP so any advice is welcomed, but I am reading that the Safari browser ITP (Intelligent Tracking Prevention) is much more aggressive than Android browsers and this can affect how service workers and tracking-related iframes are loaded which maybe effecting the Google Tag Manager in this instance.

So an example of the flow would be :

  • User goes to xxx page and selects 'Sort by lowest price' from the dropdown
  • This performs a page reload with the lowest price product
  • On safari devices this breaks so using the dropdown will not actually perform a page reload

I am debugging this using an iOS simulator on my mac, with the following versions if this helps: Running MacOS 15.3.2 Xcode 16.2 Simulator 16.0 (1038) Safari browser

本文标签: javascriptPotential CSP issue with Safari only devices and Google Tag ManagerStack Overflow

版权声明:本文标题:javascript - Potential CSP issue with Safari only devices and Google Tag Manager - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1744701674a2620598.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。