
  • Simon Dingley 1431 posts 3332 karma points c-trib
    Apr 11, 2017 @ 08:47
    Simon Dingley
    0

    Content Security Policy Violations in Back Office

    I have implemented Content Security Policy headers on a site that is using SSL in the back office (may be unrelated) and I have no issues elsewhere on the site but in the back office I get violations like this:

    Refused to load the image 'http://umbraco.tv/media/110343/mediaapi.png' because it violates the following Content Security Policy directive: "img-src 'self' data: *.umbraco.tv i.ytimg.com *.umbraco.org www.gravatar.com".

    The rule is as follows:

    img-src 'self' data: umbraco.tv *.umbraco.tv i.ytimg.com *.umbraco.org www.gravatar.com

    The rules are valid so I can't work out why they are being rejected - any ideas? I think perhaps I'm missing something really obvious somewhere?

    Edit: FWIW, images show fine elsewhere in the back office if they come from https://dashboard.umbraco.org/media/ which made me think it was perhaps SSL related?

    Thanks, Simon

  • Liam Laverty 7 posts 99 karma points c-trib
    Apr 11, 2017 @ 09:25
    Liam Laverty
    100

    Hi Simon,

    This is a violation of the HTTP/HTTPS content security policies: you need to specify http explicitly if you're serving your site over SSL. You should be able to resolve this issue by updating your rule to:

    img-src 'self' data: umbraco.tv *.umbraco.tv i.ytimg.com *.umbraco.org www.gravatar.com http://umbraco.tv

    There's a good Stack Overflow response for content-security-policy here http://stackoverflow.com/a/30280371/1663868
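The behaviour Liam describes can be reproduced with a small CSP source-expression matcher. The code below is an added illustration written for this thread, not code from Umbraco or from either poster; it implements the CSP Level 3 host-source rules for scheme, host, port and path (a host source with no scheme inherits the scheme of the protected document, and only an http to https upgrade is tolerated, never the reverse), and checks the exact image URL and directive from Simon's error message against both the original and the corrected `img-src` value. The page URL `https://example.com/umbraco/` is a constructed stand-in for the back office.

```python
"""Minimal CSP host-source matcher (added example, not from the forum thread).

Shows why, on an https:// back office page, the scheme-less source
``umbraco.tv`` does not match ``http://umbraco.tv/...``: a host source
without a scheme inherits the scheme of the protected page, and the spec
only allows http -> https as an upgrade, never https -> http.
"""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}


def _scheme_matches(expr_scheme, url_scheme):
    """A scheme in the expression also admits its secure upgrade."""
    if expr_scheme == url_scheme:
        return True
    return (expr_scheme, url_scheme) in {("http", "https"), ("ws", "wss")}


def _host_matches(expr_host, url_host):
    """Exact host match, or subdomain-only match for a '*.' wildcard."""
    expr_host, url_host = expr_host.lower(), url_host.lower()
    if expr_host.startswith("*."):
        # '*.umbraco.org' covers dashboard.umbraco.org but not umbraco.org itself.
        return url_host.endswith(expr_host[1:])
    return expr_host == url_host


def _parse_source(expr):
    """Split 'scheme://host:port/path' into parts; any piece may be absent."""
    scheme, rest = None, expr
    if "://" in expr:
        scheme, rest = expr.split("://", 1)
        scheme = scheme.lower()
    path = None
    if "/" in rest:
        rest, path = rest.split("/", 1)
        path = "/" + path
    port = None
    if ":" in rest:
        rest, port = rest.rsplit(":", 1)
    return scheme, rest, port, path


def source_matches(expr, url, page_url):
    """Return True if source expression `expr` allows fetching `url`
    from a document located at `page_url`."""
    u, p = urlsplit(url), urlsplit(page_url)
    if expr == "'self'":
        # Same origin as the protected document: scheme, host and port.
        return (u.scheme, u.hostname, u.port or DEFAULT_PORTS.get(u.scheme)) == \
               (p.scheme, p.hostname, p.port or DEFAULT_PORTS.get(p.scheme))
    if expr.endswith(":") and "/" not in expr:
        # Scheme-source such as 'data:' or 'https:'.
        return _scheme_matches(expr[:-1].lower(), u.scheme)
    scheme, host, port, path = _parse_source(expr)
    # Explicit scheme wins; otherwise the page's own scheme is inherited.
    if not _scheme_matches(scheme or p.scheme, u.scheme):
        return False
    if not _host_matches(host, u.hostname or ""):
        return False
    url_port = u.port or DEFAULT_PORTS.get(u.scheme)
    if port is None:
        if url_port != DEFAULT_PORTS.get(u.scheme):
            return False
    elif port != "*" and int(port) != url_port:
        return False
    if path:
        # A trailing slash means prefix match; otherwise the path must be exact.
        return u.path.startswith(path) if path.endswith("/") else u.path == path
    return True


def policy_allows(directive_value, url, page_url):
    """True if any source expression in the directive value admits `url`."""
    return any(source_matches(e, url, page_url) for e in directive_value.split())


# Constructed inputs: the directive and image URL from the error above,
# evaluated from a hypothetical https:// back office page.
PAGE = "https://example.com/umbraco/"
ORIGINAL = "'self' data: umbraco.tv *.umbraco.tv i.ytimg.com *.umbraco.org www.gravatar.com"
FIXED = ORIGINAL + " http://umbraco.tv"
IMAGE = "http://umbraco.tv/media/110343/mediaapi.png"

if __name__ == "__main__":
    print("original policy:", policy_allows(ORIGINAL, IMAGE, PAGE))  # False
    print("fixed policy:   ", policy_allows(FIXED, IMAGE, PAGE))     # True
```

The same matcher also shows why `https://dashboard.umbraco.org/media/...` was never blocked (it matches `*.umbraco.org` under the inherited https scheme) and that the wildcard does not cover the bare `umbraco.org` host.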

  • Simon Dingley 1431 posts 3332 karma points c-trib
    Apr 11, 2017 @ 09:29
    Simon Dingley
    1

    Perfect! Thanks Liam, worked a treat.
