a certain major healthcare identity provider for a certain major hospital network has managed to completely break their login page on firefox

this is because their login page is an embedded okta login which requires unsafe-inline enabled in the content security policy (!!!! what the fuck!!!!!), and firefox seems to reject this by default

of all the industries trying to modernize for the internet still, i think the healthcare industry pulls the most nonsensically insecure and dangerous bullshit


it's actually just broken: the CSP the page serves includes directives that override the unsafe-inline declaration anyway. somehow chrome thinks this is normal and goes along with it, but firefox rightfully errs on the safe side?

chrome's near monopoly is worse than the ie6 nightmare
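An added example, not part of the posts above: a small checker for one way a policy can cancel its own `'unsafe-inline'`. Under CSP Level 2 and later, a nonce, a hash, or `'strict-dynamic'` in the same source list makes the keyword a no-op. The thread does not say which directives the real page serves, so the function names are hypothetical and the policy strings fed to the checker are constructed.

```javascript
// Added example. "Allowed" means an inline <script> with no nonce or hash
// match would run. All policy strings used with this are constructed samples.

// Parse one policy into Map(directive -> sources). A repeated directive is
// ignored, so the first occurrence wins.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Classify a source expression that cancels 'unsafe-inline', or return null.
function overrideKind(source) {
  const s = source.toLowerCase();
  if (s.startsWith("'nonce-")) return 'nonce';
  if (/^'sha(256|384|512)-/.test(s)) return 'hash';
  if (s === "'strict-dynamic'") return 'strict-dynamic';
  return null;
}

// Inline <script> is governed by script-src-elem, then script-src, then default-src.
function inlineScriptVerdict(policy) {
  const parsed = parsePolicy(policy);
  const directive = ['script-src-elem', 'script-src', 'default-src']
    .find((d) => parsed.has(d)) || null;
  if (!directive) return { directive, allowed: true, reason: 'no governing directive' };
  const sources = parsed.get(directive);
  if (!sources.some((s) => s.toLowerCase() === "'unsafe-inline'")) {
    return { directive, allowed: false, reason: "'unsafe-inline' absent" };
  }
  const kind = sources.map(overrideKind).find(Boolean);
  if (kind) {
    return { directive, allowed: false, reason: `'unsafe-inline' ignored: ${kind} present` };
  }
  return { directive, allowed: true, reason: "'unsafe-inline' in effect" };
}

// Every policy delivered with the page must allow the script.
function inlineScriptAllowed(policies) {
  return policies.every((p) => inlineScriptVerdict(p).allowed);
}
```

Pass each `Content-Security-Policy` header value the page returns as one array element; a single header containing commas carries several policies and should be split first.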
