paragonie/csp-builder

Allow adding "blob" as source in JSON

Closed this issue · 3 comments

I would like to do this:

```json
"img-src": {
    "self": true,
    "data": true,
    "blob": true
},
```

However, the "blob":true has no effect. I can resolve this by adding it in the other way:

```php
$csp->addSource('image-src', "blob:");
```

but that results in having to look at annoying error messages in the console:

As a solution I would also accept any way to remove the automatic addition of "http://blob" and "https://blob" to the source list.

This is the first I've heard of blob: being a thing. I thought only data: URIs were standard?

I am using Sir Trevor, which stores an image blob on the site temporarily, that is when I get the CSP error:
Refused to load the image 'blob:<image-name>' because it violates the following Content Security Policy directive: "img-src ...

blob: is listed here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src

Sorry, I missed this somehow.

This will be fixed in v2.3.0, which will be released sometime today.
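
The issue turns on the difference between a CSP scheme-source (`blob:`, `data:`) and a host-source. The following is an added example, not code from this thread or from paragonie/csp-builder, showing one way a builder can keep the two apart; `isSchemeSource()` and `buildDirective()` are hypothetical helpers, and the `allow` list and the HTTPS prefix for bare hosts are assumptions of this example.

```php
<?php
declare(strict_types=1);

// Added illustration, not paragonie/csp-builder code.
// isSchemeSource() and buildDirective() are hypothetical helpers.

/** True for a CSP scheme-source such as "blob:" or "data:" (scheme plus colon, nothing else). */
function isSchemeSource(string $source): bool
{
    return preg_match('/^[a-z][a-z0-9+.\-]*:$/i', $source) === 1;
}

/**
 * Compile one directive from a JSON-style policy array.
 * Keyword flag: "self". Scheme flags: "data", "blob". Explicit sources: "allow" (assumed key).
 */
function buildDirective(string $name, array $policy): string
{
    $parts = [];
    if (!empty($policy['self'])) {
        $parts[] = "'self'";                 // keyword-source: single-quoted
    }
    foreach (['data', 'blob'] as $scheme) {
        if (!empty($policy[$scheme])) {
            $parts[] = $scheme . ':';        // scheme-source: unquoted, trailing colon
        }
    }
    foreach ($policy['allow'] ?? [] as $source) {
        if (isSchemeSource($source)) {
            $parts[] = strtolower($source);  // never turn "blob:" into a host name
        } elseif (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $source) === 1) {
            $parts[] = $source;              // host-source that already names its scheme
        } else {
            $parts[] = 'https://' . $source; // bare host: this example pins it to HTTPS
        }
    }
    if ($parts === []) {
        $parts[] = "'none'";                 // an empty source list must be explicit
    }
    // array_unique() drops the duplicate when a scheme is both flagged and listed.
    return $name . ' ' . implode(' ', array_unique($parts));
}

// Constructed sample policy mirroring the JSON in the issue, plus a constructed host.
$json = '{"self": true, "data": true, "blob": true, "allow": ["blob:", "cdn.example.com"]}';
echo buildDirective('img-src', json_decode($json, true)), PHP_EOL;
```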