creativecommons / licensebuttons

Creative Commons badges, license Buttons, etc.
https://licensebuttons.net/
MIT License

Blocked by CSP headers #38

Closed (valheru closed 2 months ago)

valheru commented 3 months ago

Description

The licensebuttons are included (as was recommended several years ago) from https://i.creativecommons.org/l/by-nc-nd/4.0/88x31.png; however, I now have CSP headers on my website (which allow i.creativecommons.org) and I see the licensebuttons are being blocked.

Reproduction

I see the following in my CSP reports:

 "disposition": "enforce",
 "blocked-uri": "http://[fdbd:dc05:ff:ff:674f:2c09:bc0d:ec7f]:9422/store?url=https%3A%2F%2Flicensebuttons.net%2Fl%2Fby-nc-nd%2F4.0%2F88x31.png&proxies=http%3A%2F%2Fsearch_spider%3AIg4RPQ7xChqObQ%40%5B2605%3A340%3Acda1%3A2702%3Ac9b9%3Ab05d%3A67a5%3A88d3%5D%3A9025"

URL decoded:

http://[fdbd:dc05:ff:ff:674f:2c09:bc0d:ec7f]:9422/store?url=https://licensebuttons.net/l/by-nc-nd/4.0/88x31.png&proxies=http://search_spider:Ig4RPQ7xChqObQ@[2605:340:cda1:2702:c9b9:b05d:67a5:88d3]:9025

It seems like there is some redirect for this button, and I think this is on your side, but it is possible the mistake is on my side.

I am using Drupal 7 (latest version) and use the following snippet to include the licensebutton:

<p>
  <a href="http://creativecommons.org/licenses/by-nc-nd/4.0/" rel="license">
    <img src="https://i.creativecommons.org/l/by-nc-nd/4.0/88x31.png" alt="Creative Commons License" style="border-width: 0;">
  </a>
</p>

Of course, I can just download the images and store them locally in my Drupal install, but I would appreciate any help to get this working correctly.

TimidRobot commented 3 months ago

@valheru, thank you for taking the time to document this issue!

Yes, i.creativecommons.org redirects to licensebuttons.net.

If you update the button to use https://licensebuttons.net/l/by-nc-nd/4.0/88x31.png and allow licensebuttons.net, I expect you'll have a better experience.

Please let us know if this resolves it.

valheru commented 2 months ago

Sorry for the slow response; I had a holiday in between. This indeed seems to solve the problem. If I get new failures, I will let you know. Thank you very much.
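The thread turns on the fact that a browser applies `img-src` to every hop of a redirect, so allowing only the first host is not enough. The sketch below is an added example, not code from the thread or the project: it checks a redirect chain against a policy with a simplified source matcher. The policy strings and `example.org` are assumptions, since the reporter's actual header is not shown.

```javascript
// Added example: simplified CSP source matching (scheme, exact host, "*." wildcard).
// Ports, paths, nonces/hashes and default-src fallback are not modelled.
function parseDirective(policy, name) {
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === name) return tokens.slice(1);
  }
  return null;
}

function sourceAllows(source, url, selfOrigin) {
  if (source === "'self'") return url.origin === selfOrigin;
  if (source === "*") return ["http:", "https:"].includes(url.protocol);
  // Scheme-source such as "https:" or "data:".
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  // Host-source with optional scheme; a missing scheme is accepted for any scheme here.
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i.exec(source);
  if (!m) return false;
  const scheme = m[1], host = m[2].toLowerCase();
  if (scheme && url.protocol !== scheme.toLowerCase() + ":") return false;
  if (host.startsWith("*.")) return url.hostname.endsWith(host.slice(1));
  return url.hostname === host;
}

// The directive is checked against every hop; return the first hop it blocks.
function firstBlockedHop(policy, directive, chain, selfOrigin) {
  const sources = parseDirective(policy, directive);
  if (sources === null) return null; // directive absent: nothing to enforce in this model
  for (const hop of chain) {
    const url = new URL(hop);
    if (!sources.some((s) => sourceAllows(s, url, selfOrigin))) return hop;
  }
  return null;
}

// Constructed inputs: example.org stands in for the reporter's site (assumption).
const SELF = "https://example.org";
const OLD_POLICY = "default-src 'self'; img-src 'self' https://i.creativecommons.org";
const NEW_POLICY = "default-src 'self'; img-src 'self' https://licensebuttons.net";
const BUTTON = "https://licensebuttons.net/l/by-nc-nd/4.0/88x31.png";
const OLD_CHAIN = ["https://i.creativecommons.org/l/by-nc-nd/4.0/88x31.png", BUTTON];
const NEW_CHAIN = [BUTTON]; // image referenced directly, as suggested in the thread

console.log("old setup blocked at:", firstBlockedHop(OLD_POLICY, "img-src", OLD_CHAIN, SELF));
console.log("new setup blocked at:", firstBlockedHop(NEW_POLICY, "img-src", NEW_CHAIN, SELF));
```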