Dotclear

Ticket #2218 (closed defect: fixed)

Opened 7 years ago

Last modified 7 years ago

Missing CSP for media-manager

Reported by: nikrou Owned by: team
Priority: normal Milestone: 2.11
Component: module:core Version: 2.10.4
Severity: normal Keywords:
Cc:

Description

When uploading a new image to media-manager, just after image is selected a csp report is thrown : blocked-uri: "blob"

To fix it, a data directive for "blob" is needed for img-src : Instead of 

img-src:'self' data: media.dotaddict.org

It must be 

img-src: 'self' data: media.dotaddict.org: blob:

p.s: I didn't find why but semi-column are mandatory.

Change History

comment:1 Changed 7 years ago by franck <carnet.franck.paul@…>

  • Status changed from new to closed
  • Resolution set to fixed

(In [47b013a91ab9]) Add blob: to CSP img-src default directive, closes #2218

comment:2 Changed 7 years ago by franck

  • Milestone changed from A definir to 2.11
Note: See TracTickets for help on using tickets.

Sites map