Content-Security-Policy violation: img-src

Hi,

The lines in bold from the following code of ojcustomelement.js are violating the Content-Security-Policy: img-src 'self';

  function _ojHighContrast() {
    // using a data uri, I googled for shortest uri to get this one since
    // I don't care about the actual image, but I do want a legit image
    // otherwise I see an error in chrome and I don't want users to be
    // confused by seeing any error.
    var div = document.createElement('div');
    div.style.border = '1px solid';
    div.style.borderColor = 'red green';
    div.style.position = 'absolute';
    div.style.top = '-999px';
    div.style.backgroundImage = 'url(data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)';
    var body = document.body;
    body.appendChild(div); // @HTMLUpdateOK safe manipulation
    var computedStyles = window.getComputedStyle(div);
    var bki = computedStyles.backgroundImage;
    if (computedStyles.borderTopColor === computedStyles.borderRightColor ||
        (bki != null && (bki === 'none' || bki === 'url (invalid-url:)'))) {
      body.classList.add('oj-hicontrast');
    }
    body.removeChild(div);
  }

  Bootstrap.whenDocumentReady().then(function () {
      _ojHighContrast();
  });


ojcustomelement.js:859 Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=' because it violates the following Content Security Policy directive: "img-src 'self'".


Did anyone encounter this? Any inputs on this are highly appreciated,
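An added example, not part of the original post and not Oracle JET code: a simplified img-src matcher showing why the data: URI in the console message above is refused under `img-src 'self'` (and would be under `*`), while a policy that lists the `data:` scheme-source permits it. The function name `imgSrcAllows` and the page URL `https://app.example/` are assumptions made for illustration, and the matcher covers only a subset of CSP source matching.

```javascript
// Simplified img-src evaluation (illustrative; not a full CSP Level 3 implementation).
// Supported source expressions: 'none', 'self', *, scheme-sources such as data:,
// and host-sources with an optional scheme (no ports, paths or wildcards).
const PAGE = 'https://app.example/index.html'; // constructed page URL
const DATA_GIF = 'data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs='; // URI from the post

function imgSrcAllows(policy, pageUrl, imageUrl) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1)); // first occurrence wins
  }
  // img-src falls back to default-src; with neither present, images are unrestricted.
  const sources = directives.get('img-src') ?? directives.get('default-src');
  if (sources === undefined) return true;

  const page = new URL(pageUrl);
  const img = new URL(imageUrl, pageUrl);
  const networkSchemes = ['http:', 'https:'];

  return sources.some((raw) => {
    const src = raw.toLowerCase();
    if (src === "'none'") return false;
    // data: URLs have an opaque origin ("null"), so 'self' never matches them.
    if (src === "'self'") return img.origin !== 'null' && img.origin === page.origin;
    // * covers network schemes and the page's own scheme, not data:.
    if (src === '*') return networkSchemes.includes(img.protocol) || img.protocol === page.protocol;
    // Scheme-source, e.g. data: or https:
    if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return img.protocol === src;
    // Host-source, e.g. cdn.example or https://cdn.example
    const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)$/.exec(src);
    if (!m) return false;
    const schemeOk = m[1] ? img.protocol === m[1] + ':' : networkSchemes.includes(img.protocol);
    return schemeOk && img.hostname === m[2];
  });
}

console.log(imgSrcAllows("img-src 'self'", PAGE, DATA_GIF));       // policy from the post
console.log(imgSrcAllows("img-src 'self' data:", PAGE, DATA_GIF)); // policy listing data:
```

Listing `data:` in img-src allows every data: image on the page, not only the one this probe sets, so that trade-off belongs in the policy review.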

Answers