When I comment out the default CSP (Content Security Policy) in a Rails application,

Pasting an image in the editor results in the following in the browser

```
Refused to load the image 'blob:' because it violates the following Content Security Policy directive: "img-src 'self' data:".
Refused to load the image 'blob:http://example.com/426e8cf7-faab-4141-87ad-8e30eb54ad6d' because it violates the following Content Security Policy directive: "img-src 'self', 'https', data:".
```

The warning can be fixed by adding `:blob` to the policy,

```ruby
policy.img_src :self, :https, :data, :blob
```

but that makes things less secure.

It would be nice if we could tie `blob` to a URI, for example "blob:http://example.com", but that is not (yet) supported by the CSP standard.

Things still seem to work as expected even when warnings are shown, and the images get uploaded.
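Added example (not part of the original issue or the project's code): a simplified Ruby model of how an `img-src` source list is matched against the blob URL from the error above, covering only `'self'` and scheme-sources. The function names and the `WIDENED` and `SCOPED` header strings are constructed for illustration; `WIDENED` assumes the header Rails emits for the `:blob` workaround.

```ruby
require "uri"

# Simplified model of CSP source-list matching for image loads. It covers only
# the source kinds that appear in this issue: 'self' and scheme-sources
# (data:, https:, blob:). Host-sources, nonces and redirects are out of scope.
SCHEME_SOURCE = /\A[a-z][a-z0-9+.-]*:\z/i

# Source list governing images: img-src, falling back to default-src.
def img_sources(policy)
  directives = {}
  policy.split(";").each do |directive|
    name, *sources = directive.split
    directives[name.downcase] ||= sources if name # first occurrence wins
  end
  directives["img-src"] || directives["default-src"]
end

def origin_of(url)
  uri = URI.parse(url)
  "#{uri.scheme}://#{uri.host}:#{uri.port}"
end

def image_allowed?(policy, url, page_origin)
  sources = img_sources(policy)
  return true if sources.nil? # no governing directive, nothing to enforce
  scheme = url[/\A([a-z][a-z0-9+.-]*):/i, 1].to_s.downcase
  sources.any? do |src|
    if src.casecmp?("'self'")
      # 'self' does not cover blob: URLs, as the first error message shows.
      %w[http https].include?(scheme) && origin_of(url) == origin_of(page_origin)
    elsif src.match?(SCHEME_SOURCE)
      src.chomp(":").casecmp?(scheme) # matches every URL with that scheme
    else
      false # e.g. "blob:http://example.com" is not a valid source expression
    end
  end
end

# Scheme-only sources are the broad entries worth flagging in a policy review.
def scheme_only_sources(policy)
  (img_sources(policy) || []).grep(SCHEME_SOURCE)
end

ORIGIN   = "http://example.com"
BLOB_URL = "blob:http://example.com/426e8cf7-faab-4141-87ad-8e30eb54ad6d" # from the error above
REPORTED = "img-src 'self' data:"                          # policy in the first error
WIDENED  = "img-src 'self' https: data: blob:"             # constructed: :blob workaround
SCOPED   = "img-src 'self' data: blob:http://example.com"  # constructed: the wished-for form
[REPORTED, WIDENED, SCOPED].each { |p| puts "#{p} => #{image_allowed?(p, BLOB_URL, ORIGIN)}" }
```

`scheme_only_sources(WIDENED)` lists the entries that match by scheme alone, which is the trade-off the issue describes when `:blob` is added.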