hoaproject / W3

The W3 repository contains the website of Hoa.

Images are not rendered #134

Closed lyrixx closed 7 years ago

lyrixx commented 7 years ago

On https://hoa-project.net/Fr/Literature/Hack/Visitor.html images are not rendered.


Cause: It violates the CSP:

Refused to load the image 'https://img.shields.io/badge/help-' because it violates the following Content Security Policy directive: "default-src 'self' *.hoa-project.net *.hoa.io *.github.io *.github.com *.githubusercontent.com github.com pbs.twimg.com *.discourse.org *.tile.openstreetmap.org *.googleusercontent.com 'unsafe-inline' 'unsafe-eval'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

Visitor.html:1 Refused to load the image 'https://img.shields.io/badge/help-gitter-ff0066.svg' because it violates the following Content Security Policy directive: "default-src 'self' *.hoa-project.net *.hoa.io *.github.io *.github.com *.githubusercontent.com github.com pbs.twimg.com *.discourse.org *.tile.openstreetmap.org *.googleusercontent.com 'unsafe-inline' 'unsafe-eval'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

Visitor.html:1 Refused to load the image 'https://img.shields.io/badge/documentation-hack_book-ff0066.svg' because it violates the following Content Security Policy directive: "default-src 'self' *.hoa-project.net *.hoa.io *.github.io *.github.com *.githubusercontent.com github.com pbs.twimg.com *.discourse.org *.tile.openstreetmap.org *.googleusercontent.com 'unsafe-inline' 'unsafe-eval'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

Visitor.html:1 Refused to load the image 'https://img.shields.io/badge/organisation-board-ff0066.svg' because it violates the following Content Security Policy directive: "default-src 'self' *.hoa-project.net *.hoa.io *.github.io *.github.com *.githubusercontent.com github.com pbs.twimg.com *.discourse.org *.tile.openstreetmap.org *.googleusercontent.com 'unsafe-inline' 'unsafe-eval'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

Visitor.html:272 GET https://analytics.hoa-project.net/piwik.js net::ERR_BLOCKED_BY_CLIENT
(anonymous) @ Visitor.html:272
(anonymous) @ Visitor.html:273
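
Added example, not part of the original report and not the Hoa project's code: a simplified model of the browser check behind the console messages above, showing why `img.shields.io` is refused under the `default-src` fallback. The `WITH_IMG_SRC` policy is a constructed assumption, not the fix the site applied, and the function names are hypothetical.

```javascript
// Policy string copied from the console output in the report above.
const REPORTED_POLICY =
  "default-src 'self' *.hoa-project.net *.hoa.io *.github.io *.github.com " +
  "*.githubusercontent.com github.com pbs.twimg.com *.discourse.org " +
  "*.tile.openstreetmap.org *.googleusercontent.com 'unsafe-inline' 'unsafe-eval'";

// Constructed variant (assumption, not the site's actual fix). An explicit
// img-src replaces the fallback, so it must restate every image host needed.
const WITH_IMG_SRC = REPORTED_POLICY + "; img-src 'self' *.hoa-project.net img.shields.io";

// Split a policy string into a Map of directive name -> source list.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Per CSP, the first occurrence of a directive wins; later ones are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Host-only match: "*.example.com" covers subdomains but not the bare domain.
// Simplification: scheme, port and path parts of a source are not modelled.
function hostMatches(expr, host) {
  const e = expr.toLowerCase();
  if (e === '*') return true;
  if (e.startsWith('*.')) return host.endsWith(e.slice(1));
  return host === e;
}

// Decide whether an image URL may load on pageUrl under the given policy.
function checkImage(policy, pageUrl, imageUrl) {
  const directives = parsePolicy(policy);
  // img-src governs images; default-src applies only when img-src is absent.
  const directive = directives.has('img-src') ? 'img-src' : 'default-src';
  const sources = directives.get(directive);
  if (!sources) return { allowed: true, directive: null }; // nothing restricts images
  const page = new URL(pageUrl);
  const image = new URL(imageUrl);
  const allowed = sources.some((src) => {
    if (src === "'self'") return image.origin === page.origin;
    if (src.startsWith("'")) return false; // 'unsafe-inline' etc. never allow a fetch
    return hostMatches(src, image.hostname);
  });
  return { allowed, directive };
}
```

Under `WITH_IMG_SRC` the badge loads, but an image from `pbs.twimg.com` is now refused, because `default-src` is no longer consulted for images once `img-src` exists.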

Pierozi commented 7 years ago

It's fixed, thanks!

lyrixx commented 7 years ago

The first one is still unfixed for me.

Pierozi commented 7 years ago

Yep, but this one is not related to CSP; it's an issue with the urlencode of the image URL.

Hywan commented 7 years ago

It works now, https://hoa-project.net/Fr/Literature/Hack/Visitor.html.
