Trying to use Sir Trevor JS in Meteor to upload images but getting:
Refused to load the image 'blob:http%3A//localhost%3A3000/a28ef7dc-ee51-4290-9941-6b8fc317e685'
because it violates the following Content Security Policy directive:
"img-src data: 'self' http://*.googleapis.com https://*.googleapis.com
http://*.gstatic.com https://*.gstatic.com http://*.bootstrapcdn.com
https://*.bootstrapcdn.com http://*.facebook.com https://*.facebook.com
http://*.fbcdn-profile-a.akamaihd.net https://*.fbcdn-profile-a.akamaihd.net
blob://*.localhost".
I am using the browser-policy package and don't know how to accept this URL. I tried many different policies but cant get it to work. Examples:
BrowserPolicy.content.allowDataUrl("blob://*.localhost:3000");
BrowserPolicy.content.allowOriginForAll("blob:*.localhost:3000/");
BrowserPolicy.content.allowOriginForAll("blob:*.localhost:3000");
BrowserPolicy.content.allowImgUrlForAll();
BrowserPolicy.content.allowSameOriginForAll();
Any ideas?
Okey,
This actually solved the problem:
BrowserPolicy.content.allowOriginForAll('blob:');
Doesn't seam very secure though.
Found it here
I had this issue using Meteor-Files package as well. I was able to add a clone of the browser-policy-content package to my local project and add 'worker-src' to the resources objects (in browser-policy-content.js):
var resources = [
{ methodResource: "Script", directive: "script-src" },
{ methodResource: "Object", directive: "object-src" },
{ methodResource: "Image", directive: "img-src" },
{ methodResource: "Media", directive: "media-src" },
{ methodResource: "Font", directive: "font-src" },
{ methodResource: "Connect", directive: "connect-src" },
{ methodResource: "Style", directive: "style-src" },
{ methodResource: "Frame", directive: "frame-src" },
{ methodResource: "FrameAncestors", directive: "frame-ancestors" },
{ methodResource: 'WorkerSource', directive: 'worker-src' }//added this!
];
Then I was able to add the below to my startup.js:
BrowserPolicy.content.allowWorkerSourceBlobUrl('localhost');
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.