Forum Stats

  • 3,853,252 Users
  • 2,264,197 Discussions


Content-Security-Policy violation: img-src

User_NXQDU Posts: 2 Employee
edited Aug 15, 2022 6:28PM in Oracle JET


The lines in bold from the following code of ojcustomelement.js violating the Content-Security-Policy: img-src 'self'; function _ojHighContrast() {

    // using a data uri, I googled for shortest uri to get this one since

    // I don't care about the actual image, but I do want a legit image

    // otherwise I see an error in chrome and I don't want users to be

    // confused by seeing any error.

    var div = document.createElement('div'); = '1px solid'; = 'red green'; = 'absolute'; = '-999px'; = 'url(data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)';

    var body = document.body;

    body.appendChild(div); // @HTMLUpdateOK safe manipulation

    var computedStyles = window.getComputedStyle(div);    var bki = computedStyles.backgroundImage;    if (computedStyles.borderTopColor === computedStyles.borderRightColor ||

        (bki != null && (bki === 'none' || bki === 'url (invalid-url:)'))) {


    }    body.removeChild(div);

  }  Bootstrap.whenDocumentReady().then(function () {



ojcustomelement.js:859 Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=' because it violates the following Content Security Policy directive: "img-src 'self'".

Did anyone encountered this? any inputs on this is highly appreciated,