holder icon indicating copy to clipboard operation
holder copied to clipboard
verified publisher icon imsky

Content security policy

Open rtv2222 opened this issue 9 years ago • 4 comments

What's the best way to enable a Content Security Policy on my pages so that SVGs generated by holder.js are not blocked ? I have an img-src of self and that does not permit holder.js generated images to be served by the browser.

rtv2222 avatar May 18 '16 16:05 rtv2222

will look into it. can you try data-src in the meantime?

imsky avatar May 18 '16 18:05 imsky

http://stackoverflow.com/questions/18447970/content-security-policy-data-not-working-for-base64-images-in-chrome-28 fixed it for me. The CSP needs img-src 'self' data:;

rtv2222 avatar May 23 '16 08:05 rtv2222

In my case, I could fix it with the following code.

exports.setAttr = function (el, attrs) {
    for (var a in attrs) {
        if('style' == a){
            el.style.cssText = attrs[a];
        }else{
            el.setAttribute(a, attrs[a]);
        }
    }
};

Errors can be seen in this project. https://github.com/hiro20v/FinePlay 2017/10/28 now, I haven't fixed it yet.

hiro20v avatar Oct 28 '17 03:10 hiro20v

nice, thanks for the info @hiro20v

imsky avatar Oct 28 '17 05:10 imsky