newinternetlabs / new-internet-extension

https://newinternetextension.com

Gaia Can't Be Evil #1

Closed faragly closed 4 years ago

faragly commented 4 years ago

Hi! I am inspired by your initiative and decided to test my new application using your browser extension. Since the frontend works directly with the Blockstack API, I got the following result:

{"http://localhost:3000":{"serverSetsCookie":false,"appSendsCookie":true},"requests":{"https://gaia.blockstack.org":1},"violatedDirectives":{"img-src":1},"version":1}

What is the best way around this?

larrysalibra commented 4 years ago

If you're accessing gaia using the blockstack.js methods which operate using fetch, gaia shouldn't trigger the Can't Be Evil rules. Given that it shows the directive that's violated as being img-src, my guess is that the app is loading an image directly from gaia in the src of an img tag instead of using the getFile call to load it.

With regard to appSendsCookie being true, can you take a look at your app's Cookie store to see what cookie is being sent? One of the problems that I've noticed in my testing is that once a cookie gets in an app, it's hard to get rid of it. If there's no cookie, it's possible that it's a bug in the extension as well.

Thanks for giving it a try!

faragly commented 4 years ago

Thanks for the answer. I solved the problem with cookies. And you were right, I have a request without the right header. This is a link to the user avatar in the src tag.
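
An added example, not part of the thread or of the extension's own code: a small helper that triages a report in the shape quoted in the first comment, separating cookie findings and violated directives from the purely informational request counts. The meaning of each key is inferred from that single sample and is an assumption; `triageReport` and `FIXED_KEYS` are hypothetical names.

```javascript
// Added example: triage of a Can't Be Evil report like the one in this issue.
// Key meanings are inferred from that one sample (assumption): top-level keys
// that parse as URLs hold per-origin cookie results, "requests" counts requests
// per remote origin, "violatedDirectives" counts the directives that were hit.
const FIXED_KEYS = new Set(["requests", "violatedDirectives", "version"]);

function triageReport(json) {
  const report = typeof json === "string" ? JSON.parse(json) : json;
  const findings = [];

  // Per-origin cookie behaviour.
  for (const [key, value] of Object.entries(report)) {
    if (FIXED_KEYS.has(key)) continue;
    let origin;
    try { origin = new URL(key).origin; } catch { continue; } // skip unknown keys
    if (value && value.serverSetsCookie) findings.push(`${origin}: server sets a cookie`);
    if (value && value.appSendsCookie) findings.push(`${origin}: app sends a cookie`);
  }

  // Directives reported as violated, e.g. img-src for an <img src> pointing at gaia.
  for (const [directive, count] of Object.entries(report.violatedDirectives || {})) {
    findings.push(`${directive} violated ${count} time(s)`);
  }

  // Requests alone are not a finding: per the reply above, fetch-based
  // blockstack.js calls to gaia should not trigger the rules.
  const remoteOrigins = Object.keys(report.requests || {});
  return { version: report.version, findings, remoteOrigins, clean: findings.length === 0 };
}

// The report quoted in the first comment of this issue.
const sample = '{"http://localhost:3000":{"serverSetsCookie":false,"appSendsCookie":true},' +
  '"requests":{"https://gaia.blockstack.org":1},"violatedDirectives":{"img-src":1},"version":1}';

console.log(triageReport(sample));
```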