
Content-Security-Policy violation: img-src


The lines in bold from the following code of ojcustomelement.js are violating the Content-Security-Policy: img-src 'self';

    function _ojHighContrast() {
      // using a data uri, I googled for shortest uri to get this one since
      // I don't care about the actual image, but I do want a legit image
      // otherwise I see an error in chrome and I don't want users to be
      // confused by seeing any error.
      var div = document.createElement('div');
      div.style.border = '1px solid';
      div.style.borderColor = 'red green';
      div.style.position = 'absolute';
      div.style.top = '-999px';
      div.style.backgroundImage = 'url(data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)';
      var body = document.body;
      body.appendChild(div); // @HTMLUpdateOK safe manipulation
      var computedStyles = window.getComputedStyle(div);
      var bki = computedStyles.backgroundImage;
      if (computedStyles.borderTopColor === computedStyles.borderRightColor ||
          (bki != null && (bki === 'none' || bki === 'url (invalid-url:)'))) {
      }
      body.removeChild(div);
    }
    Bootstrap.whenDocumentReady().then(function () {



ojcustomelement.js:859 Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=' because it violates the following Content Security Policy directive: "img-src 'self'".

Did anyone encounter this? Any inputs on this are highly appreciated.
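
Why the browser refuses the image in the error above, as an added example that is not part of the original post or of Oracle JET: a simplified model of CSP source-list matching for image loads, showing that `'self'` and `*` do not cover `data:` URIs while an explicit `data:` scheme source does. The names `parsePolicy` and `imageAllowed` and the origin `https://app.example` are assumptions made for illustration.

```javascript
// Added example: simplified CSP source-list matching for image loads.
// Handles 'none', 'self', '*', scheme sources and plain origin sources only;
// path matching and wildcard hosts are deliberately left out.
const PAGE_ORIGIN = 'https://app.example'; // constructed page origin
const DATA_GIF =                           // the data URI from the error message
  'data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=';

function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function imageAllowed(header, pageOrigin, imageUrl) {
  const directives = parsePolicy(header);
  // img-src falls back to default-src; with neither, images are unrestricted.
  const sources = directives.get('img-src') ?? directives.get('default-src');
  if (sources === undefined) return true;
  const url = new URL(imageUrl, pageOrigin);
  const networkScheme = ['http:', 'https:'].includes(url.protocol);
  return sources.some((src) => {
    const s = src.toLowerCase();
    if (s === "'none'") return false;
    // A data: URL has an opaque origin, so it is never same-origin.
    if (s === "'self'") return url.origin === pageOrigin;
    // '*' matches network schemes only, never data:, blob: or filesystem:.
    if (s === '*') return networkScheme;
    // Scheme source such as "data:" or "https:".
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s;
    // Plain origin source such as "https://cdn.example".
    return networkScheme && url.origin === s;
  });
}

// Policies to compare: the one from the post, then constructed variants.
for (const policy of ["img-src 'self'", 'img-src *', "img-src 'self' data:"]) {
  const verdict = imageAllowed(policy, PAGE_ORIGIN, DATA_GIF) ? 'allowed' : 'refused';
  console.log(`${policy.padEnd(22)} -> data: image ${verdict}`);
}
```

Adding `data:` to `img-src` permits inline images everywhere on the page, so it is a policy decision; it leaves `script-src` and the other directives unchanged.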