View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0020874||mantisbt||ui||public||2016-05-04 21:45||2021-01-05 18:59|
|Summary||0020874: Content Security Policy blocked embedded images added by Chrome Extension|
The content security policy that we have in place blocks images embedded in the html whether they are embedded by a plugin or by a Chrome extension. The case where I hit this issue where the a chrome extension that added an integration button but the image (which was embedded as background image in css) was blocked.
The fix for this specific case is to whitelist "data:" as per the stackoverflow thread below?
We can do the following:
I personally think 2 and 3 should be implemented. What are the thoughts of also enabling "data:" by default?
Didn't try, but the existing option custom_headers might be enough for it
Don't have time to check all details for that. Might mean less security out of the box, thus should be a decision of the administrator.