Unable to set profile photo

[dryabov]

There is no type=file field on the identify portal, just a text "Access Denied" displayed (see screenshot) How to fix it?

[sanderpotjer]

@dryabov thanks for reporting the issue, this should be fixed now so you can upload an image.

[dryabov]

After click on the "Insert" button, the photo is not uploaded, and there are following error messages in the browser's console log (query part of pwtimage.min.js URL is removed for simplicity, and a part of the token is replaced by ...):

10:01:14.209 pwtimage.min.js:1 Refused to connect to 'blob:https://identity.joomla.org/739339c0-...-e1c10c5b8c87' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.joomla.org https://*.pingdom.net https://*.google-analytics.com https://*.doubleclick.net https://apikeys.civiccomputing.com".
10:01:14.230 pwtimage.min.js:1 XHR failed loading: GET "blob:https://identity.joomla.org/739339c0-...-e1c10c5b8c87".
10:01:14.403 pwtimage.min.js:1 POST https://community.joomla.org/scripts/csp-reporter.php?source=identity.joomla.org 403

[sanderpotjer]

@conconnl can you please correct the CSP settings to allow blob.

[conconnl]

@sanderpotjer the PR should fix it.

[dryabov]

It still doesn't work.

And there is an issue in the page source: onclick event contains URL encoded like it would be in HTML context instead of JS string context:

onclick="jQuery('iframe#pwtImageFrame-61321b4c46aeb').attr('src', 'https://identity.joomla.org/index.php?option=com_pwtimage&view=image&tmpl=component&modalId=...'); pwtImage.setTargetId('61321b4c46aeb')"

Note & is used (twice) instead of just an &.

[sanderpotjer]

@dryabov the PR means a Pull Request, which needs to be merged and released first before the fix is applied. So it is correct that it stil doesn't work (yet)

[sanderpotjer]

@dryabov apologizes for the delay, it turned out to be a combination of issues and not for all accounts. All should be fine now.