
Meteor browser-policy: allow uploading images

Trying to use Sir Trevor JS in Meteor to upload images but getting:

Refused to load the image 'blob:http%3A//localhost%3A3000/a28ef7dc-ee51-4290-9941-6b8fc317e685' 
because it violates the following Content Security Policy directive: 
"img-src data: 'self' http://*.googleapis.com https://*.googleapis.com
http://*.gstatic.com https://*.gstatic.com http://*.bootstrapcdn.com 
https://*.bootstrapcdn.com http://*.facebook.com https://*.facebook.com 
http://*.fbcdn-profile-a.akamaihd.net https://*.fbcdn-profile-a.akamaihd.net 
blob://*.localhost".

I am using the browser-policy package and don't know how to accept this URL. I tried many different policies but can't get it to work. Examples:

BrowserPolicy.content.allowDataUrl("blob://*.localhost:3000");
BrowserPolicy.content.allowOriginForAll("blob:*.localhost:3000/");
BrowserPolicy.content.allowOriginForAll("blob:*.localhost:3000");
BrowserPolicy.content.allowImgUrlForAll();
BrowserPolicy.content.allowSameOriginForAll();

Any ideas?

Okay,

This actually solved the problem:

BrowserPolicy.content.allowOriginForAll('blob:');

Doesn't seem very secure though.

Found it here
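
Why the host-style entries were refused while the bare scheme worked, as an added example (not code from the posts or from the browser-policy package): a simplified matcher for CSP source expressions, run over constructed policies and a constructed blob URL. The function names, the page origin and the three policies are assumptions made for the illustration; it also shows what putting blob: into every directive, rather than only img-src, changes.

```javascript
// Simplified CSP source matching: scheme-sources ("blob:"), host-sources
// ("blob://*.localhost") and 'self' only; paths, nonces and hashes are ignored.
const DEFAULT_PORT = { "http:": "80", "https:": "443" };

function hostMatches(pattern, host) {
  if (pattern === "*") return true;
  if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

function sourceMatches(expr, url, pageOrigin) {
  const u = new URL(url);
  // scheme-source: a bare "scheme:" matches every URL that uses that scheme.
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) return u.protocol === expr.toLowerCase();
  if (expr === "'self'") expr = pageOrigin; // simplification: compare scheme/host/port
  // host-source: [scheme://]host[:port]
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?/i.exec(expr);
  if (!m) return false;
  // A blob: URL has no host component, so no host-source can ever match it.
  if (u.hostname === "") return false;
  const [, scheme, host, port] = m;
  if (scheme && scheme.toLowerCase() + ":" !== u.protocol) return false;
  if (!hostMatches(host.toLowerCase(), u.hostname)) return false;
  const urlPort = u.port || DEFAULT_PORT[u.protocol] || "";
  return port === "*" || (port || DEFAULT_PORT[u.protocol] || "") === urlPort;
}

function allowed(policy, directive, url, pageOrigin) {
  return (policy[directive] || []).some((e) => sourceMatches(e, url, pageOrigin));
}

// Constructed inputs (assumptions for this example).
const PAGE_ORIGIN = "http://localhost:3000";
const BLOB_URL = "blob:http://localhost:3000/00000000-0000-0000-0000-000000000000";
// Shape of the policy in the question: blob appears only as a host-source.
const AS_ASKED = { "img-src": ["data:", "'self'", "blob://*.localhost"] };
// blob: limited to images.
const IMG_ONLY = { "img-src": ["data:", "'self'", "blob:"], "script-src": ["'self'"] };
// blob: in every directive, the effect of an "...ForAll" call.
const FOR_ALL = { "img-src": ["data:", "'self'", "blob:"], "script-src": ["'self'", "blob:"] };

console.log("as asked, img   :", allowed(AS_ASKED, "img-src", BLOB_URL, PAGE_ORIGIN));
console.log("img only, img   :", allowed(IMG_ONLY, "img-src", BLOB_URL, PAGE_ORIGIN));
console.log("img only, script:", allowed(IMG_ONLY, "script-src", BLOB_URL, PAGE_ORIGIN));
console.log("for all, script :", allowed(FOR_ALL, "script-src", BLOB_URL, PAGE_ORIGIN));
```

With blob: in script-src as well, any blob URL the page can be made to create also becomes a permitted script source, so the narrower img-src entry is the one that matches what the image preview needs.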

I had this issue using Meteor-Files package as well. I was able to add a clone of the browser-policy-content package to my local project and add 'worker-src' to the resources objects (in browser-policy-content.js):

var resources = [
    { methodResource: "Script", directive: "script-src" },
    { methodResource: "Object", directive: "object-src" },
    { methodResource: "Image", directive: "img-src" },
    { methodResource: "Media", directive: "media-src" },
    { methodResource: "Font", directive: "font-src" },
    { methodResource: "Connect", directive: "connect-src" },
    { methodResource: "Style", directive: "style-src" },
    { methodResource: "Frame", directive: "frame-src" },
    { methodResource: "FrameAncestors", directive: "frame-ancestors" },
    { methodResource: "WorkerSource", directive: "worker-src" } // added this!
];

Then I was able to add the below to my startup.js:

BrowserPolicy.content.allowWorkerSourceBlobUrl('localhost');
