Closed Spacefish closed 9 years ago
oparoz
commented
9 years ago This is due to a change which has been introduced to tighten the policy in core. Apps will be able to define their own policies once they migrate to a newer version of the AppFramework. https://github.com/owncloud/core/pull/13989
The master branch here is still being used to stabilise the 8.0.x releases.
Spacefish
commented
9 years ago thanks for the hint, i will try to add this for 8.1 on a different branch tommorow (if it isn´t already)
libasys
commented
9 years ago @oparoz here is an working example to fix this problem: https://github.com/owncloud/core/pull/13989
oparoz
commented
9 years ago I've actually linked to this change above and @Spacefish has been kind enough to fix this in a PR. The branch which works with 8.1 is currently called dev.
I get a lot of: Refused to load the image 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAMgAAADICAYAAACtWK6eAAAACXBIW…7oCvj8PnL5HKkpB7evevDQABS/3++aCgJUnYDz4GG18f8BE69QFZcoodwAAAAASUVORK5CYII=' because it violates the following Content Security Policy directive: "img-src 'self'".
In Chrome, i get similar errors in firefox aswell!
with the latest owncloud master branch... I think they somehow set these Content Security Policys to counter XSS attacks.. Maybe they need to change them... As they even seem to block data urls..