isaacs / github

Just a place to track issues and feature requests that I have for github

Latest Content Security Policy is overly restrictive #1160

Closed stuartpb closed 6 years ago

stuartpb commented 6 years ago

Just submitted to GitHub, cross-posting for tracking via crossposter userscript:

Here are two errors I'm getting in the dev console when visiting https://github.com/latertime/laterti.me, the first breaking embedded images, and the second apparently breaking real-time updates:

Refused to load the image 'https://raw.githubusercontent.com/latertime/laterti.me/master/client/latertime.png' because it violates the following Content Security Policy directive: "img-src 'self' data: assets-cdn.github.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com collector.githubapp.com avatars0.githubusercontent.com avatars1.githubusercontent.com avatars2.githubusercontent.com avatars3.githubusercontent.com github-cloud.s3.amazonaws.com".

13:20:45.408 github-93b29b30c9c177d0ef1ef01fb381c8031020886b52b41349b9e700f7d7b6dc2797e1068f8f76768f12e0f18bd4fc8c4821441c3c9dc279200e6ca7c79130b8ec.js:1 Refused to connect to 'wss://live.github.com/_sockets/[redacted-as-potentially-sensitive]' because it violates the following Content Security Policy directive: "connect-src 'self' uploads.github.com status.github.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com".
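The two console errors above are the browser's CSP source-list matching at work: the image is fetched from a host that does not appear in the img-src list, and the websocket host is absent from the connect-src list, so neither 'self' nor any host-source matches. The following is an added example, not GitHub's code or anything from the original report, that models those matching rules in simplified form (host-sources, scheme-sources such as data:, and 'self'; no path matching, redirects, nonces or hashes) and runs the directive strings quoted in the report against the two blocked URLs. The page origin https://github.com is an assumption, and the websocket path is a placeholder because the report redacted it.

```python
"""Simplified CSP source-list matcher (added example, not GitHub's code).

Reduced model of CSP Level 3 matching: host-source, scheme-source and
'self' only. Paths, redirects, nonces and hashes are not modelled.
"""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}

# CSP3 "scheme-part matches": a source scheme also permits its secure
# upgrade (http -> https, ws -> wss/http/https, wss -> https).
UPGRADES = {"http": {"https"}, "ws": {"wss", "http", "https"}, "wss": {"https"}}

# Directive values exactly as quoted in the bug report above.
IMG_SRC = ("img-src 'self' data: assets-cdn.github.com media.githubusercontent.com "
           "camo.githubusercontent.com identicons.github.com collector.githubapp.com "
           "avatars0.githubusercontent.com avatars1.githubusercontent.com "
           "avatars2.githubusercontent.com avatars3.githubusercontent.com "
           "github-cloud.s3.amazonaws.com")
CONNECT_SRC = ("connect-src 'self' uploads.github.com status.github.com "
               "collector.githubapp.com api.github.com www.google-analytics.com "
               "github-cloud.s3.amazonaws.com "
               "github-production-repository-file-5c1aeb.s3.amazonaws.com "
               "github-production-upload-manifest-file-7fdce7.s3.amazonaws.com "
               "github-production-user-asset-6210df.s3.amazonaws.com")
PAGE_ORIGIN = "https://github.com"  # assumed origin of the page that set the policy

BLOCKED_IMAGE = "https://raw.githubusercontent.com/latertime/laterti.me/master/client/latertime.png"
BLOCKED_SOCKET = "wss://live.github.com/_sockets/REDACTED-PLACEHOLDER"  # path redacted in the report


def scheme_matches(source_scheme, url_scheme):
    return url_scheme == source_scheme or url_scheme in UPGRADES.get(source_scheme, set())


def effective_port(parts):
    return parts.port if parts.port is not None else DEFAULT_PORTS.get(parts.scheme)


def host_matches(pattern, host):
    if pattern == "*":
        return True
    if pattern.startswith("*."):  # wildcard covers subdomains only, not the bare domain
        return host.endswith(pattern[1:]) and host != pattern[2:]
    return pattern == host


def expression_matches(expr, url, page_origin=PAGE_ORIGIN):
    """True if a single CSP source expression permits fetching `url`."""
    u, o = urlsplit(url), urlsplit(page_origin)
    if expr == "'self'":
        # Same host and effective port as the page; CSP3 also lets 'self'
        # cover https and wss to that host, so a secure websocket counts.
        same_host = (u.hostname or "") == (o.hostname or "")
        same_port = effective_port(u) == effective_port(o)
        return same_host and same_port and (u.scheme == o.scheme or u.scheme in ("https", "wss"))
    if expr.startswith("'"):
        return False  # 'none', nonces, hashes, 'unsafe-inline' never match a fetched URL
    if expr.endswith(":") and "/" not in expr:
        return scheme_matches(expr[:-1].lower(), u.scheme)  # scheme-source, e.g. data:
    # host-source: [scheme://]host[:port][/path]; path is ignored in this model
    scheme, rest = expr.split("://", 1) if "://" in expr else (o.scheme, expr)
    rest = rest.split("/", 1)[0]
    host, port = rest.rsplit(":", 1) if ":" in rest else (rest, None)
    if not scheme_matches(scheme.lower(), u.scheme):
        return False
    if not host_matches(host.lower(), (u.hostname or "").lower()):
        return False
    if port is None:  # no port in the source: URL must use its scheme's default port
        return u.port in (None, DEFAULT_PORTS.get(u.scheme))
    return port == "*" or int(port) == effective_port(u)


def parse_directive(directive):
    name, *exprs = directive.split()
    return name, exprs


def directive_allows(directive, url, page_origin=PAGE_ORIGIN):
    """True if any source expression in the directive permits `url`."""
    _, exprs = parse_directive(directive)
    return any(expression_matches(e, url, page_origin) for e in exprs)


if __name__ == "__main__":
    for directive, url in ((IMG_SRC, BLOCKED_IMAGE), (CONNECT_SRC, BLOCKED_SOCKET)):
        verdict = "allowed" if directive_allows(directive, url) else "refused"
        print(f"{parse_directive(directive)[0]}: {url} -> {verdict}")
```

Running it reproduces both refusals, and it shows why adding raw.githubusercontent.com to img-src (or live.github.com to connect-src) would be the minimal policy change: a host-source without a scheme inherits the page's scheme, so an https page's policy only ever permits https (or, for 'self', wss) fetches to the listed hosts.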

stuartpb commented 6 years ago

Just got a reply:

Hi Stuart,

Thanks for the report! The team is currently working on a fix for this. I can't promise an ETA, but we'll be sure to write back as soon as we have news.

Best, Melissa

On testing, looks like they've pushed a fix (at least for the embedded image issue, which is what I really had a problem with).

stuartpb commented 6 years ago

More information: https://github.com/github/markup/issues/556#issuecomment-358467003