Jackpot casino sign up bonus.REGISTER NOW GET FREE 888 PESOS REWARDS!

sergialarconrecio
(@sergialarconrecio)

5 years, 6 months ago

Self in the plugin is missing blob because it does not take it and represents that in permitted hosts you put * and it would have to work and does not work, it still blocks the blob. I wait for a solution or update of the plugin because if I can’t see links like this, I leave below that gives me an error for having CSP activated.

Content Security Policy: The options for this page have blocked the loading of a resource in blob: https: //pbbsantcelonicomarca.com/38fa4720-51d0-4c8b-9f80-b80c3b55f0bf (default-src).

This comes up with the latest version of firefox version: 69.0.1 (64-bit)

Viewing 7 replies - 1 through 7 (of 7 total)

Plugin Author One Dollar Plugin
(@onedollarplugin)

5 years, 6 months ago

The Content Security Policy settings for Shield allow you to add permitted hosts. The default is *. But this doesn’t cover blob, so you’ll need to add blob to your settings.

There is no error in Shield’s implementation of CSP. The error appears on your site because the resource, blob, is blocked. This is because you haven’t specified this using the “hosts” options, that we’ve provided. Please try using that option and if it doesn’t work as you need, please let us know what exactly you’re trying and what errors you’re seeing.

Please don’t cross-post your support question to our other support channels – this doesn’t help get your questions answered any sooner.

Thread Starter sergialarconrecio
(@sergialarconrecio)

5 years, 6 months ago

As I have to do to put blob because I have put it in the hosts / domain section in this way blob asin to dry and it has not worked for me. Thank you.

Plugin Author One Dollar Plugin
(@onedollarplugin)

5 years, 6 months ago

Sorry, I don’t really understand what you’ve said. You’ll need to provide full details of what you’ve done and what isn’t working for us to help you more with this.

Thread Starter sergialarconrecio
(@sergialarconrecio)

5 years, 6 months ago

In the header does not take blob since it seems that the plugin is not put blob so that in the header allows links that carry blob. Example: blob:https//domain.com Mozilla url attachment that explains it better.

https://developer.mozilla.org/es/docs/Web/Security/CSP/CSP_policy_directives#Palabras_claves

https://developer.mozilla.org/en-US/docs/Web/API/Blob

Thread Starter sergialarconrecio
(@sergialarconrecio)

5 years, 6 months ago

Content-Security-Policy: default-src ‘self’; img-src ‘self’ data: blob: filesystem:; media-src mediastream:

Thread Starter sergialarconrecio
(@sergialarconrecio)

5 years, 6 months ago

The example that I give you in the last message is how it should be with the blob since surely in these rules I need to put blob so that those links could be visualized with the CSP activated.

Since I didn’t find the file specified to be able to modify that rule and see if it worked.

I pass several websites where it explains the useful use that is blob in CSP and how it is put so that it is activated since it is a rule to not be able to extract the link on external websites or to deceive the attacker.

https://developer.mozilla.org/es/docs/Web/Security/CSP/CSP_policy_directives#Palabras_claves

https://developer.mozilla.org/en-US/docs/Web/API/Blob

https://www.w3.org/TR/CSP/
https://web-developer-articles.blogspot.com/2015/08/content-security-policy.html

https://jira.nuxeo.com/browse/NXP-23912

https://stackoverflow.com/questions/28467789/content-security-policy-object-src-blob

Thread Starter sergialarconrecio
(@sergialarconrecio)

5 years, 6 months ago

https://content-security-policy.com/

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Error in security policy Self of content’ is closed to new replies.

Tags