cactus / go-camo

A secure image proxy server
MIT License

Not adding 'margin: 0px' style to HTML body #11

Closed: sweepies closed this issue 7 years ago

sweepies commented 7 years ago

I've noticed with GitHub's and other language implementations of Camo, as well as direct linking images, it sets the body style to 'margin: 0px'. With my go-camo setup however it does not. This obviously is not a big deal but it might cause some weird behaviour.

Imgur image:

<html>

<head>
    <meta name="viewport" content="width=device-width, minimum-scale=0.1">
    <title>fPlzJcC.png (1920×1200)</title>
</head>

<body style="margin: 0px;" cz-shortcut-listen="true"><img style="user-select: none; cursor: zoom-in;" src="https://i.imgur.com/fPlzJcC.png" width="1362" height="851"></body>

</html>

go-camo image:

<html>

<head>
    <meta name="viewport" content="width=device-width, minimum-scale=0.1">
    <title>687474703a2f2f692e696d6775722e636f6d2f66506c7a4a63432e706e67 (1920×1200)</title>
</head>

<body cz-shortcut-listen="true"><img style="cursor: zoom-in;" src="https://camo.buttwaters.com/f395cd45c27220bc64cd770e97a1f36bbc3a5418/687474703a2f2f692e696d6775722e636f6d2f66506c7a4a63432e706e67" width="1362" height="851"></body>

</html>

As you can see by navigating to those links, the Camo version has a small margin to the left and top of the image, and I haven't seen something like this anywhere else.

It's also probably worth noting that it throws these errors to the HTTP console, which I'm not sure what to do about:

687474703a2f2f692e696d6775722e636f6d2f66506c7a4a63432e706e67:1 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-H/s/dWGkGDaCkKqmo0VNeHrTgvJjinI5uvu7UmY6EB8='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

687474703a2f2f692e696d6775722e636f6d2f66506c7a4a63432e706e67:1 Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-15TqmL1cbLqMXH1nK4EwD191NLSXxlbnYzFAfbG/xp8='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

687474703a2f2f692e696d6775722e636f6d2f66506c7a4a63432e706e67:1 Refused to load the image 'https://camo.buttwaters.com/favicon.ico' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

dropwhile commented 7 years ago

The HTTP console (browser) errors are from the Content Security Policy (ref, ref). Basically it is refusing to apply an inline style to that element.

It looks like GitHub's camo applies a slightly broader Content-Security-Policy header in their responses. I believe this may be what you are experiencing. To confirm, you could try starting go-camo with a -H option to override that particular default header, and see if that resolves your issue.

Example:

go-camo -k <something> -H "Content-Security-Policy: default-src 'none'; img-src data:; style-src 'unsafe-inline'"

If it does, I would not object to changing the default header to match that of GitHub's camo implementation. It does seem a bit more user-friendly.
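
Why the override above clears the inline-style errors while the favicon request stays blocked, as an added example (not part of this thread or of go-camo's code): a simplified Go model of CSP's `default-src` fallback, applied to the two header values quoted above. Function names and the `camo.example` URL are constructed for illustration; only keyword and scheme sources are matched.

```go
package main

import (
	"fmt"
	"strings"
)

// parseCSP maps each directive to its lower-cased sources; a repeated directive is ignored.
func parseCSP(header string) map[string][]string {
	policy := map[string][]string{}
	for _, part := range strings.Split(strings.ToLower(header), ";") {
		if f := strings.Fields(part); len(f) > 0 {
			if _, dup := policy[f[0]]; !dup {
				policy[f[0]] = f[1:]
			}
		}
	}
	return policy
}

// allows reports whether token appears in the source list that governs
// directive, using default-src when the specific directive is absent.
func allows(header, directive, token string) bool {
	policy := parseCSP(header)
	srcs, ok := policy[directive]
	if !ok {
		srcs, ok = policy["default-src"]
	}
	for _, s := range srcs {
		if s == token {
			return true
		}
	}
	return !ok // neither directive is set: nothing is restricted
}

// Simplified checks: nonces, hashes and host sources are not modelled.
func inlineStyleAllowed(h string) bool { return allows(h, "style-src", "'unsafe-inline'") }

func imageAllowed(header, rawURL string) bool {
	return allows(header, "img-src", strings.SplitN(strings.ToLower(rawURL), ":", 2)[0]+":")
}

func main() {
	for _, h := range []string{"default-src 'none'", "default-src 'none'; img-src data:; style-src 'unsafe-inline'"} {
		fmt.Println(h, inlineStyleAllowed(h), imageAllowed(h, "https://camo.example/favicon.ico"))
	}
}
```

With the broader header, `img-src data:` still refuses any `https:` image, so the proxy's response page cannot pull in other network images.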

sweepies commented 7 years ago

I see, that does in fact fix it. Thanks!

I've created a pull request for you: #12

dropwhile commented 7 years ago

Closing this issue. I'll do a build and tag a release. Thanks!