WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
155182
Web Inspector: Images being blocked by CSP 2.0
https://bugs.webkit.org/show_bug.cgi?id=155182
Summary
Web Inspector: Images being blocked by CSP 2.0
Joseph Pecoraro
Reported
2016-03-08 12:20:03 PST
* SUMMARY All inspector images (file://) are being blocked by CSP 2.0. Warnings like: CONSOLE ERROR Refused to load the image 'file:///Users/pecoraro/Build/Release/WebInspectorUI.framework/Resources/Images/UserInputPrompt.svg' because it violates the following Content Security Policy directive: "img-src *". * NOTES - Inspector includes "file:" and "blob:" image resources.
Attachments
[PATCH] Proposed Fix
(1.46 KB, patch)
2016-03-08 12:21 PST
,
Joseph Pecoraro
no flags
Details
Formatted Diff
Diff
[PATCH] Better Fix (blob for font-src)
(1.52 KB, patch)
2016-03-08 12:29 PST
,
Joseph Pecoraro
no flags
Details
Formatted Diff
Diff
Show Obsolete
(1)
View All
Add attachment
proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1
2016-03-08 12:20:50 PST
<
rdar://problem/25040640
>
Joseph Pecoraro
Comment 2
2016-03-08 12:21:33 PST
Created
attachment 273314
[details]
[PATCH] Proposed Fix
Joseph Pecoraro
Comment 3
2016-03-08 12:29:25 PST
Created
attachment 273315
[details]
[PATCH] Better Fix (blob for font-src) Missed out on font-src blob:. Also added for media-src just in case.
Daniel Bates
Comment 4
2016-03-08 12:37:08 PST
Comment on
attachment 273315
[details]
[PATCH] Better Fix (blob for font-src) View in context:
https://bugs.webkit.org/attachment.cgi?id=273315&action=review
> Source/WebInspectorUI/UserInterface/Main.html:29 > + <meta http-equiv="Content-Security-Policy" content="default-src 'self'; img-src * file: blob:; connect-src *; media-src * blob:; font-src * blob:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'">
This is OK as-is. It is unnecessary to explicitly add "blob:" to the media-src directive as * will match blob URLs.
WebKit Commit Bot
Comment 5
2016-03-08 13:56:03 PST
Comment on
attachment 273315
[details]
[PATCH] Better Fix (blob for font-src) Clearing flags on attachment: 273315 Committed
r197802
: <
http://trac.webkit.org/changeset/197802
>
WebKit Commit Bot
Comment 6
2016-03-08 13:56:07 PST
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug