https protocol API endpoint is returning http URLs, violating CSP headers if used
admalledd opened this issue · 2 comments
https://api.capy.lol/v1/capybara?json=true for example returns a payload of
{"success":true,"data":{"url":"http://api.capy.lol/v1/capybara/469","index":469,"width":736,"height":981}}
which has a sad consequence of violating Content-Security-Policy or other such enforcement that all must be HTTPS and I can't see capybara test images :(
Upstream internal issue (99% for the fun of it):
Summary:
Users are reporting that they are unable to view cute capybara images when accessing the website using HTTPS. The issue seems to be related to the Content Security Policy (CSP) implemented on the testing site, which is blocking the images due to a mismatch between the HTTP and HTTPS protocols.
Steps to Reproduce:
Visit the website that contains cute capybara images REDACTED
Observe that the images of cute capybaras are not displayed on the page.
Expected Result:
The images of cute capybaras should be displayed on the page without any issues.
Actual Result:
The images are not displayed, and a CSP error message is displayed in the browser console indicating that the images have been blocked due to a mismatch between the HTTP and HTTPS protocols.
Additional Information:
Browser: Reproduced on Firefox, Chrome
Operating System: Windows, Android 10
Severity:
High - The issue is affecting the core functionality of the website and impacting the user experience.
Hi thanks for this a bunch, will fix :)
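A client-side guard for the behaviour reported in this issue, as an added example that is not part of the original thread or the API project's code. The function names `secureAssetUrl` and `extractImageUrl` are hypothetical, the sample body is the payload quoted in the issue, and the sketch assumes the consuming page only permits HTTPS image sources.

```javascript
// Added example: names are hypothetical, sample data is the payload from the issue.
const REQUEST_URL = "https://api.capy.lol/v1/capybara?json=true";
const SAMPLE_BODY =
  '{"success":true,"data":{"url":"http://api.capy.lol/v1/capybara/469","index":469,"width":736,"height":981}}';

// Returns a URL that an HTTPS-only page may load, or null if it must be dropped.
function secureAssetUrl(requestUrl, assetUrl) {
  let req, asset;
  try {
    req = new URL(requestUrl);
    asset = new URL(assetUrl, req); // relative URLs resolve against the request
  } catch {
    return null; // unparseable input
  }
  if (asset.protocol === "https:") return asset.href;
  if (asset.protocol !== "http:") return null; // data:, blob:, etc. are not upgraded
  // Upgrade only when the API itself was reached over HTTPS on the same host,
  // and the http URL used the default port (a custom port rarely serves TLS).
  const sameHost = asset.hostname === req.hostname;
  if (req.protocol !== "https:" || !sameHost || asset.port !== "") return null;
  asset.protocol = "https:";
  asset.port = req.port;
  return asset.href;
}

// Parses the API response body and returns a loadable image URL or null.
function extractImageUrl(body, requestUrl) {
  let payload;
  try {
    payload = JSON.parse(body);
  } catch {
    return null;
  }
  if (!payload || payload.success !== true) return null;
  if (typeof payload.data?.url !== "string") return null;
  return secureAssetUrl(requestUrl, payload.data.url);
}

console.log(extractImageUrl(SAMPLE_BODY, REQUEST_URL));
```

Cross-host `http:` URLs are rejected rather than upgraded, since nothing in the response shows that the other host serves the same content over TLS.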