
Content-Security-Policy 'image-src *'

I set the Content-Security-Policy for the application with a wild-card for image-src.

But, while uploading an image from browser, I see this error below:

Refused to load the image 'blob:http%3A//localhost.abc.com%3A8000/6f5b1ad8-69fc-4e84-a58c-1a95cbba4900' because it violates the following Content Security Policy directive: "img-src *".

However, other images from the same domain are loading fine. Only problem is when you try to upload one!

I solved this by updating my img-src CSP. I am using S3 for image upload.

  imgSrc: ["'self'", 'data:', 'blob:', 'https://yourdomain.com', 'https://s3-us-west-2.amazonaws.com']

I am using Helmetjs with Node.
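
Why "img-src *" still blocks the upload preview, as an added example (not code from the original question or answer, and not Helmet's own code): a simplified model of CSP source-list matching in which `*` covers only network (http/https) URLs, so `blob:` and `data:` images need their own scheme-sources. The matcher handles only `*`, scheme-sources, 'self' and full-origin host-sources; the function names and the S3 object path are assumptions made for illustration.

```javascript
// Simplified model of CSP img-src matching (added example, not a full CSP parser).
// Assumption: host-sources are written as full origins, as in the answer above.
const NETWORK_SCHEMES = new Set(['http:', 'https:']);

function schemeOf(url) {
  const m = /^([a-z][a-z0-9+.-]*:)/i.exec(url);
  return m ? m[1].toLowerCase() : null;
}

function sourceMatches(source, url, selfOrigin) {
  const scheme = schemeOf(url);
  // '*' matches network URLs only; it never matches blob:, data: or filesystem:.
  if (source === '*') return NETWORK_SCHEMES.has(scheme);
  // Scheme-source such as 'blob:' or 'data:' matches on scheme alone.
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return source.toLowerCase() === scheme;
  // 'self' and host-sources apply only to network URLs, so blob: fails here too.
  if (!NETWORK_SCHEMES.has(scheme)) return false;
  const origin = new URL(url).origin;
  if (source === "'self'") return origin === selfOrigin;
  return origin === new URL(source).origin;
}

function imgSrcAllows(sources, url, selfOrigin) {
  return sources.some((s) => sourceMatches(s, url, selfOrigin));
}

// Origin and blob URL taken from the error message in the question.
const SELF = 'http://localhost.abc.com:8000';
const BLOB = 'blob:http%3A//localhost.abc.com%3A8000/6f5b1ad8-69fc-4e84-a58c-1a95cbba4900';
// Constructed sample object URL on the S3 host named in the answer.
const S3_IMG = 'https://s3-us-west-2.amazonaws.com/example-bucket/avatar.png';

const wildcardPolicy = ['*'];
const answerPolicy = ["'self'", 'data:', 'blob:', 'https://yourdomain.com',
  'https://s3-us-west-2.amazonaws.com'];

for (const [name, policy] of [['img-src *', wildcardPolicy], ['answer policy', answerPolicy]]) {
  for (const url of [SELF + '/logo.png', BLOB, S3_IMG, 'https://other.example/x.png']) {
    console.log(name, '|', url.slice(0, 45), '->',
      imgSrcAllows(policy, url, SELF) ? 'allowed' : 'blocked');
  }
}
```

The explicit list from the answer also stops images from arbitrary third-party origins, which `img-src *` would have loaded.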
