[jitsi-users] Jitsi Meet & FireFox 40+


#1

Hi,

i checked out meet.jit.si today and unfortunatly it failed with Firefox.
Google Chrome worked out of the box.
It neither worked with FireFox Mobile Android 3.2, Safari Android 3.2

ReferenceError: mozRTCSessionDescription is not defined
https://meet.jit.si/libs/app.bundle.min.js?v=699
Line 2

Full Log :

Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.

(TIME) index.html loaded:

366.625
meet.jit.si (Zeile 12/Line 12)
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben. (invalid Security-Header)
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.

(TIME) document ready:

14521.075
app.bun...s?v=699 (Zeile 1)
localstorage is not supported <---- a big mystery, as local storage
is enabled.
app.bun...s?v=699 (Zeile 8)
local storage is not supported
app.bun...s?v=699 (Zeile 8)
This appears to be Firefox, ver: 36
app.bun...s?v=699 (Zeile 1)
ReferenceError: mozRTCSessionDescription is not defined

app.bun...s?v=699 (Zeile 2, Spalte 11647)
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.

Marius


#2

Hi,

Are you sure you’re using FF 40+? The logs report FF 36.

Best,
George

···

On Oct 13, 2015, at 11:51 AM, Marius <jitsi@benderirc.de> wrote:

Hi,

i checked out meet.jit.si today and unfortunatly it failed with Firefox. Google Chrome worked out of the box.
It neither worked with FireFox Mobile Android 3.2, Safari Android 3.2

ReferenceError: mozRTCSessionDescription is not defined
https://meet.jit.si/libs/app.bundle.min.js?v=699 <https://meet.jit.si/libs/app.bundle.min.js?v=699>
Line 2

Full Log :

Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
(TIME) index.html loaded:
366.625
meet.jit.si (Zeile 12/Line 12)
<>
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben. (invalid Security-Header)
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
(TIME) document ready:
14521.075
app.bun...s?v=699 (Zeile 1)
<>
localstorage is not supported <---- a big mystery, as local storage is enabled.
app.bun...s?v=699 (Zeile 8)
<>
local storage is not supported
app.bun...s?v=699 (Zeile 8)
<>
This appears to be Firefox, ver: 36
app.bun...s?v=699 (Zeile 1)
<>
ReferenceError: mozRTCSessionDescription is not defined

app.bun...s?v=699 (Zeile 2, Spalte 11647)
<>
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.

Marius
_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#3

Similar thing happened with one of my colleagues. It was on windows 10. this is the difference.

Thanks,

Osama Alshaykh
LinkedIn <https://www.linkedin.com/pub/osama-alshaykh/3/b84/42>

This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message

···

On Oct 13, 2015, at 12:55 PM, George Politis <gp@jitsi.org> wrote:

Hi,

Are you sure you’re using FF 40+? The logs report FF 36.

Best,
George

On Oct 13, 2015, at 11:51 AM, Marius <jitsi@benderirc.de <mailto:jitsi@benderirc.de>> wrote:

Hi,

i checked out meet.jit.si <http://meet.jit.si/> today and unfortunatly it failed with Firefox. Google Chrome worked out of the box.
It neither worked with FireFox Mobile Android 3.2, Safari Android 3.2

ReferenceError: mozRTCSessionDescription is not defined
https://meet.jit.si/libs/app.bundle.min.js?v=699 <https://meet.jit.si/libs/app.bundle.min.js?v=699>
Line 2

Full Log :

Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
(TIME) index.html loaded:
366.625
meet.jit.si (Zeile 12/Line 12)
<>
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben. (invalid Security-Header)
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
(TIME) document ready:
14521.075
app.bun...s?v=699 (Zeile 1)
<>
localstorage is not supported <---- a big mystery, as local storage is enabled.
app.bun...s?v=699 (Zeile 8)
<>
local storage is not supported
app.bun...s?v=699 (Zeile 8)
<>
This appears to be Firefox, ver: 36
app.bun...s?v=699 (Zeile 1)
<>
ReferenceError: mozRTCSessionDescription is not defined

app.bun...s?v=699 (Zeile 2, Spalte 11647)
<>
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.

Marius
_______________________________________________
users mailing list
users@jitsi.org <mailto:users@jitsi.org>
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#4

oh yes, 41.0.2 .

Marius

···

Am 13.10.2015 um 18:55 schrieb George Politis:

Hi,

Are you sure you’re using FF 40+? The logs report FF 36.


#5

Hi,

Are you sure you’re using FF 40+? The logs report FF 36.

oh yes, 41.0.2 .

Marius
_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

Hi Marius,

This is bizarre. Maybe our browser detection is somehow broken. Could you please open a JS console and type `navigator.userAgent` and then share the output here?

You should get something like this:

navigator.userAgent

"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:41.0) Gecko/20100101 Firefox/41.0”

Best,
George

···

On Oct 13, 2015, at 11:59 AM, Marius <jitsi@benderirc.de> wrote:
Am 13.10.2015 um 18:55 schrieb George Politis:


#6

"Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.04"

BUT, this is now fixed ... was an addon to switch the useragent .. :frowning:

The rest of the problems persists :

2
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.

(TIME) index.html loaded:

307.03000000000003
meet.jit.si (Zeile 12)
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.

(TIME) document ready:

12891.355
app.bun...s?v=699 (Zeile 1)
localstorage is not supported
app.bun...s?v=699 (Zeile 8)
local storage is not supported
app.bun...s?v=699 (Zeile 8)
This appears to be Firefox, ver: 41
app.bun...s?v=699 (Zeile 1)
ReferenceError: mozRTCSessionDescription is not defined

app.bun...s?v=699 (Zeile 2, Spalte 11647)
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.

···

Am 13.10.2015 um 19:09 schrieb George Politis:

"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:41.0) Gecko/20100101 Firefox/41.0”


#7

Hi,

Do you use any other add ons that maybe disable WebRTC to prevent the leaking of IP addresses? There’s also a config property in FF that disables WebRTC. Could you please check and make sure that this config property is set to true:

media.peerconnection.enabled

Best,
George

···

On Oct 13, 2015, at 12:18 PM, Cyborg <cyborg2@benderirc.de> wrote:

Am 13.10.2015 um 19:09 schrieb George Politis:

"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:41.0) Gecko/20100101 Firefox/41.0”

"Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.04"

BUT, this is now fixed ... was an addon to switch the useragent .. :frowning:

The rest of the problems persists :

2
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
(TIME) index.html loaded:
307.03000000000003
meet.jit.si (Zeile 12)
<>
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
(TIME) document ready:
12891.355
app.bun...s?v=699 (Zeile 1)
<>
localstorage is not supported
app.bun...s?v=699 (Zeile 8)
<>
local storage is not supported
app.bun...s?v=699 (Zeile 8)
<>
This appears to be Firefox, ver: 41
app.bun...s?v=699 (Zeile 1)
<>
ReferenceError: mozRTCSessionDescription is not defined

app.bun...s?v=699 (Zeile 2, Spalte 11647)
<>
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#8

Hi,

maybe you have disabled webrtc in your FF
(media.peerconnection.enabled = true/false).

Regards
damencho

···

2015-10-13 12:18 GMT-05:00 Cyborg <cyborg2@benderirc.de>:

Am 13.10.2015 um 19:09 schrieb George Politis:

"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:41.0) Gecko/20100101
Firefox/41.0”

"Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.04"

BUT, this is now fixed ... was an addon to switch the useragent .. :frowning:

The rest of the problems persists :

2
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.

(TIME) index.html loaded:

307.03000000000003
meet.jit.si (Zeile 12)
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.

(TIME) document ready:

12891.355
app.bun...s?v=699 (Zeile 1)
localstorage is not supported
app.bun...s?v=699 (Zeile 8)
local storage is not supported
app.bun...s?v=699 (Zeile 8)
This appears to be Firefox, ver: 41
app.bun...s?v=699 (Zeile 1)
ReferenceError: mozRTCSessionDescription is not defined

app.bun...s?v=699 (Zeile 2, Spalte 11647)
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#9

WITH this enabled, which it wasn't .. we get this :

2
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.

(TIME) index.html loaded:

1011.0500000000001
meet.jit.si (Zeile 12)
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.

(TIME) document ready:

19792.345
app.bun...s?v=699 (Zeile 1)
localstorage is not supported
app.bun...s?v=699 (Zeile 8)
local storage is not supported
app.bun...s?v=699 (Zeile 8)
This appears to be Firefox, ver: 41
app.bun...s?v=699 (Zeile 1)
GET https://meet.jit.si/lang/main.json
  
200 OK
  
  192ms
app.bun...s?v=699 (Zeile 28)

Synchrone XMLHttpRequests am Haupt-Thread sollte nicht mehr verwendet
werden, weil es nachteilige Effekte für das Erlebnis der Endbenutzer
hat. Für weitere Hilfe siehe http://xhr.spec.whatwg.org/

app.bun...s?v=699 (Zeile 28)
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
GET https://meet.jit.si/lang/languages.json
  
200 OK
  
  173ms
app.bun...s?v=699 (Zeile 28)

Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.
*SecurityError: The operation is insecure.*

app.bun...s?v=699 (Zeile 3)

···

Am 13.10.2015 um 20:11 schrieb George Politis:

Hi,

Do you use any other add ons that maybe disable WebRTC to prevent the
leaking of IP addresses? There’s also a config property in FF that
disables WebRTC. Could you please check and make sure that this config
property is set to true:

media.peerconnection.enabled


#10

Hi,

Now it’s probably time to deal with all those "Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben” warnings.

There must be some other parameter configured in your hardened configuration that prevents some operation to complete because it thinks it's insecure. I suppose "Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.” means "The site specified an invalid Strict-Transport-Security header” or something similar.

This seems to have something to do with RFC 6797 - HTTP Strict Transport Security (HSTS), but I could be mistaken. If this is the case, we either have to make our server HSTS compliant or you’ll have to disable it in your FF. Again, I’m not sure if this is the problem, I could be mistaken. It’s the first time that I see this warning.

Best,
George

···

On Oct 13, 2015, at 1:16 PM, Cyborg <cyborg2@benderirc.de> wrote:

Am 13.10.2015 um 20:11 schrieb George Politis:

Hi,

Do you use any other add ons that maybe disable WebRTC to prevent the leaking of IP addresses? There’s also a config property in FF that disables WebRTC. Could you please check and make sure that this config property is set to true:

media.peerconnection.enabled

WITH this enabled, which it wasn't .. we get this :

2
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
(TIME) index.html loaded:
1011.0500000000001
meet.jit.si (Zeile 12)
<>
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
(TIME) document ready:
19792.345
app.bun...s?v=699 (Zeile 1)
<>
localstorage is not supported
app.bun...s?v=699 (Zeile 8)
<>
local storage is not supported
app.bun...s?v=699 (Zeile 8)
<>
This appears to be Firefox, ver: 41
app.bun...s?v=699 (Zeile 1)
<>
GET https://meet.jit.si/lang/main.json
200 OK

192ms app.bun...s?v=699 (Zeile 28)
<>
Synchrone XMLHttpRequests am Haupt-Thread sollte nicht mehr verwendet werden, weil es nachteilige Effekte für das Erlebnis der Endbenutzer hat. Für weitere Hilfe siehe http://xhr.spec.whatwg.org/

app.bun...s?v=699 (Zeile 28)
<>
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
GET https://meet.jit.si/lang/languages.json
200 OK

173ms app.bun...s?v=699 (Zeile 28)
<>
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile angegeben.
SecurityError: The operation is insecure.

app.bun...s?v=699 (Zeile 3)
<>

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#11

I suppose "Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.” means "The site specified an invalid Strict-Transport-Security
header” or something similar.

Yes.

This seems to have something to do with RFC 6797 - HTTP Strict Transport
Security (HSTS), but I could be mistaken. If this is the case, we either have
to make our server HSTS compliant

Yes, because meet.jit.si sends garbage:
Strict-Transport-Security: “max-age=31536000”

or you’ll have to disable it in your FF.

Nope, this is the default configuration, just tested with a mostly unused (and just updated) installation of FF41 on Win7.

Again, I’m not sure if this is the problem, I could be mistaken. It’s the
first time that I see this warning.

Best,
George

Ingo


#12

I tried to dis/enable all "strict" options in the config, but it did not
change the outcome.

BTW, the header is just invalid formed :

"Strict-Transport-Security|“max-age=31536000”"|

My guess is, your charset is not correct.

Marius

···

Am 13.10.2015 um 20:41 schrieb George Politis:

Hi,

Now it’s probably time to deal with all those "Diese Website hat eine
ungültige Strict-Transport-Security-Kopfzeile angegeben” warnings.

There must be some other parameter configured in your hardened
configuration that prevents some operation to complete because it
thinks it's insecure. I suppose "Diese Website hat eine ungültige
Strict-Transport-Security-Kopfzeile angegeben.” means "The site
specified an invalid Strict-Transport-Security header” or something
similar.

This seems to have something to do with RFC 6797 - HTTP Strict
Transport Security (HSTS), but I could be mistaken. If this is the
case, we either have to make our server HSTS compliant or you’ll have
to disable it in your FF. Again, I’m not sure if this is the problem,
I could be mistaken. It’s the first time that I see this warning.


#13

Fixed.

Boris

···

On 13/10/15 13:53, Ingo Bauersachs wrote:

I suppose "Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.” means "The site specified an invalid Strict-Transport-Security
header” or something similar.

Yes.

This seems to have something to do with RFC 6797 - HTTP Strict Transport
Security (HSTS), but I could be mistaken. If this is the case, we either have
to make our server HSTS compliant

Yes, because meet.jit.si sends garbage:
Strict-Transport-Security: “max-age=31536000”


#14

Hi,

what is the response when you test n FF for Windows10

Thanks,
Osama Alshaykh
LinkedIn <https://www.linkedin.com/pub/osama-alshaykh/3/b84/42>

This email message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message

···

On Oct 13, 2015, at 2:53 PM, Ingo Bauersachs <ingo@jitsi.org> wrote:

I suppose "Diese Website hat eine ungültige Strict-Transport-Security-Kopfzeile
angegeben.” means "The site specified an invalid Strict-Transport-Security
header” or something similar.

Yes.

This seems to have something to do with RFC 6797 - HTTP Strict Transport
Security (HSTS), but I could be mistaken. If this is the case, we either have
to make our server HSTS compliant

Yes, because meet.jit.si sends garbage:
Strict-Transport-Security: “max-age=31536000”

or you’ll have to disable it in your FF.

Nope, this is the default configuration, just tested with a mostly unused (and just updated) installation of FF41 on Win7.

Again, I’m not sure if this is the problem, I could be mistaken. It’s the
first time that I see this warning.

Best,
George

Ingo

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#15

Yes, because meet.jit.si sends garbage:
Strict-Transport-Security: “max-age=31536000”

Fixed.

Thanks.

There's another warning in Firefox:

The character encoding of the HTML document was not declared. The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range. The character encoding of the page must be declared in the document or in the transfer protocol.

This is more at the application level than at the webserver though.

Boris

Ingo


#16

And another one :slight_smile: :

(TIME) index.html loaded:

1010.5600000000001
meet.jit.si (Zeile 12)

(TIME) document ready:

13336.205
app.bun...s?v=699 (Zeile 1)
localstorage is not supported
app.bun...s?v=699 (Zeile 8)
local storage is not supported
app.bun...s?v=699 (Zeile 8)
This appears to be Firefox, ver: 41
app.bun...s?v=699 (Zeile 1)
GET https://meet.jit.si/lang/main.json
  
200 OK
  
  199ms
app.bun...s?v=699 (Zeile 28)

*Synchrone XMLHttpRequests am Haupt-Thread sollte nicht mehr verwendet
werden, weil es nachteilige Effekte für das Erlebnis der Endbenutzer
hat. Für weitere Hilfe siehe http://xhr.spec.whatwg.org/*

means : don't use POSTs in AJAX, as it stops the UI from responding. I,
personaly, give a crap about this warning in my apps, as i really need
the blocking ajax calls for things.

app.bun...s?v=699 (Zeile 28)
GET https://meet.jit.si/lang/languages.json
  
200 OK
  
  146ms
app.bun...s?v=699 (Zeile 28)

SecurityError: The operation is insecure.

app.bun...s?v=699 (Zeile 3)

@Boris:

can you use a none minified JS bundle, so that the debugger will catch
the actual error ?

Marius

···

Am 13.10.2015 um 21:14 schrieb Ingo Bauersachs:

Yes, because meet.jit.si sends garbage:
Strict-Transport-Security: “max-age=31536000”

Fixed.

Thanks.

There's another warning in Firefox:

The character encoding of the HTML document was not declared. The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range. The character encoding of the page must be declared in the document or in the transfer protocol.

This is more at the application level than at the webserver though.


#17

today i checked the issue without ANY plugin, so native 41 FF.

Same result, except the marked one:

(TIME) index.html loaded: 878.645 meet.jit.si:12:1
*The character encoding of the HTML document was not declared. *The
document will render with garbled text in some browser configurations if
the document contains characters from outside the US-ASCII range. The
character encoding of the page must be declared in the document or in
the transfer protocol. meet.jit.si
(TIME) document ready: 3459.63 app.bundle.min.js:1:2301
localstorage is not supported app.bundle.min.js:8:19075
local storage is not supported app.bundle.min.js:8:19612
This appears to be Firefox, ver: 41 app.bundle.min.js:1:21377
*Synchronous XMLHttpRequest on the main thread is deprecated because of
its detrimental effects to the end user's experience. For more help
http://xhr.spec.whatwg.org/ app.bundle.min.js:28:0*
SecurityError: The operation is insecure. app.bundle.min.js:3:0

... I have no clue what the dev team at ff has it with synchronous calls ...

Marius


#18

Hi Marius,

I might be wrong but I think it’s the "SecurityError: The operation is insecure" that is thrown that breaks meet for you. I’m afraid we’re going to have to debug the problem to find out what the problem is. Could you please open the JS console (before loading the meet page) and then once the error occurs click on it and tell us the line in the code that throws the error?

Best,
George

···

On Oct 16, 2015, at 7:41 AM, Marius <jitsi@benderirc.de> wrote:

today i checked the issue without ANY plugin, so native 41 FF.

Same result, except the marked one:

(TIME) index.html loaded: 878.645 meet.jit.si:12:1
The character encoding of the HTML document was not declared. The document will render with garbled text in some browser configurations if the document contains characters from outside the US-ASCII range. The character encoding of the page must be declared in the document or in the transfer protocol. meet.jit.si
(TIME) document ready: 3459.63 app.bundle.min.js:1:2301
localstorage is not supported app.bundle.min.js:8:19075
local storage is not supported app.bundle.min.js:8:19612
This appears to be Firefox, ver: 41 app.bundle.min.js:1:21377
Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help http://xhr.spec.whatwg.org/ app.bundle.min.js:28:0
SecurityError: The operation is insecure. app.bundle.min.js:3:0

... I have no clue what the dev team at ff has it with synchronous calls ...

Marius
_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#19

app.bundle.min.js: -> 3

But as it's a bundle, it could be anywere in that mimifyed line. I would
need to have the expanded version to debug it correctly. Can you make
that possible ?

Marius

···

Am 16.10.2015 um 17:22 schrieb George Politis:

Hi Marius,

I might be wrong but I think it’s the "SecurityError: The operation is
insecure" that is thrown that breaks meet for you. I’m afraid we’re
going to have to debug the problem to find out what the problem is.
Could you please open the JS console (before loading the meet page)
and then once the error occurs click on it and tell us the line in the
code that throws the error?


#20

Hi,

you can always access it https://…host…/libs/app.bundle.js.
There is also the map file there to map the min to the not minified
version, this is normally used by chrome and firefox debuggers.

Regards
damencho

···

On Fri, Oct 16, 2015 at 1:23 PM, Marius <jitsi@benderirc.de> wrote:

Am 16.10.2015 um 17:22 schrieb George Politis:

Hi Marius,

I might be wrong but I think it’s the "SecurityError: The operation is
insecure" that is thrown that breaks meet for you. I’m afraid we’re going to
have to debug the problem to find out what the problem is. Could you please
open the JS console (before loading the meet page) and then once the error
occurs click on it and tell us the line in the code that throws the error?

app.bundle.min.js: -> 3

But as it's a bundle, it could be anywere in that mimifyed line. I would
need to have the expanded version to debug it correctly. Can you make that
possible ?

Marius

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users