{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreidrogimc7xstve4gnmaafx4y3ogq6y2gso4b7fh7nbmuxqjerwrda",
    "uri": "at://did:plc:hqad6xwuzg7oqfmwylfkvqfm/app.bsky.feed.post/3mnflozxawvv2"
  },
  "path": "/viewtopic.php?t=33487&p=275166#p275166",
  "publishedAt": "2026-06-03T16:28:45.000Z",
  "site": "http://forum.palemoon.org",
  "textContent": "> Now what's weird is, if you set security.csp.enable = false, duck.ai starts working. And then if you set security.csp.enable = true, duck.ai continues working. Go figure.\n\nThere is nothing strange about this, it is just working with the cache.\n\nI did a little digging (not extensively; for a full investigation, I'd first need to write an extension), but it seems the problem with csp occurs when <scheme-source> is used and/or <scheme-source> is mixed with\n<host-source> in a single directive. It's as if processing such a directive causes a fallback to \"default-src.\"\nBut this is just a guess.\n\nAnd yes, this isn't the only site where csp is causing issues; it's just that here it's **highly** visible.\n\n* * *",
  "title": "Web Compatibility Support • Re: duck.ai - doesn't work with csp enabled",
  "updatedAt": "2026-06-03T16:28:45.000Z"
}