
Content-Security-Policy-Header leads to assets not being loaded
Anlud
Posted: Thursday, December 2, 2021 9:49:22 AM
Rank: Newbie
Groups: Member

Joined: 12/2/2021
Posts: 2
One of your clients reported a problem where different assets are loaded in every browser. Within the eowp.exe the assets are blocked.

After a bit of research I narrowed down the error to the following procedure:

1. EOWP requests an HTML document which contains an image tag
2. The server responds with a CSP-Header
Content-Security-Policy: default-src 'self'; img-src 'self' 'strict-dynamic'
3. Loading the image gets blocked

Refused to load the image 'http://localhost:3000/images/example.png' because it violates the following Content Security Policy directive: "img-src 'self' 'strict-dynamic'". 'strict-dynamic' is present, so host-based allowlisting is disabled.

I created a node project which serves a page which exhibits the behavior.
https://github.com/anlud/minimal-csp-error

Let me know if I can be of any assistance
eo_support
Posted: Thursday, December 2, 2021 1:50:03 PM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,217
Thanks for the test project. This is an issue in the version of the browser engine (Chromium v86) we use. The current version of the Chromium browser engine does not have this problem.

We are in the process of updating our product to a newer version of the Chromium engine. We expect this issue to be resolved after that is completed.
Anlud
Posted: Friday, December 3, 2021 1:22:30 AM
Rank: Newbie
Groups: Member

Joined: 12/2/2021
Posts: 2
I confirmed that this issue occurs with Chromium v86.
Thank you for the quick reply.

Can you provide a rough estimate on the time-frame of that update?
eo_support
Posted: Friday, December 3, 2021 8:49:39 AM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,217
Hi,

Currently we are expecting the new build to be out in January.

Thanks!
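
Added example, not part of the original thread or of either poster's code: a server-side check for the header pattern reported above. 'strict-dynamic' is defined in CSP Level 3 for script loading, so in img-src it adds nothing, and on the affected engine it disabled the 'self' allowlist. The function names and the set of script directives below are assumptions of this example.

```javascript
// Added example (constructed): flags 'strict-dynamic' outside script directives.
// Assumption: only these directives give 'strict-dynamic' a defined meaning
// (default-src via its fallback to script loading).
const SCRIPT_DIRECTIVES = new Set(['script-src', 'script-src-elem', 'default-src']);
const STRICT_DYNAMIC = "'strict-dynamic'";

// Parse a CSP header value into Map(directive -> source tokens).
// A repeated directive is ignored, matching CSP's first-one-wins rule.
function parseCsp(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

const isStrictDynamic = (s) => s.toLowerCase() === STRICT_DYNAMIC;
// 'self', hosts and schemes are the allowlist entries that get disabled.
const isAllowlistEntry = (s) => s.toLowerCase() === "'self'" || !s.startsWith("'");

// Report each non-script directive carrying 'strict-dynamic' and the
// allowlist entries an engine with the reported behavior would ignore.
function findMisplacedStrictDynamic(headerValue) {
  const findings = [];
  for (const [directive, sources] of parseCsp(headerValue)) {
    if (SCRIPT_DIRECTIVES.has(directive) || !sources.some(isStrictDynamic)) continue;
    findings.push({ directive, allowlistAtRisk: sources.filter(isAllowlistEntry) });
  }
  return findings;
}

// Rebuild the header with the keyword removed from non-script directives only.
function stripMisplacedStrictDynamic(headerValue) {
  return [...parseCsp(headerValue)]
    .map(([directive, sources]) => {
      const kept = SCRIPT_DIRECTIVES.has(directive)
        ? sources
        : sources.filter((s) => !isStrictDynamic(s));
      return [directive, ...kept].join(' ');
    })
    .join('; ');
}

// Header quoted in the thread.
const reported = "default-src 'self'; img-src 'self' 'strict-dynamic'";
console.log(findMisplacedStrictDynamic(reported));
console.log(stripMisplacedStrictDynamic(reported));
```

Running the check in a test suite or response middleware catches the header before it reaches an embedded engine that cannot be updated on the client's schedule.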

