author Oskar Vigren <oskar@vig.ren> 2019-11-04 18:58:19 +0100
committer Gustav Eek <gustav.eek@fripost.org> 2020-01-06 13:31:44 +0100
commit 82016f6624dae1e61cf3cacba6a32540b1e3fa4e
tree 87b824357a78ddea840ec28fd8af506154bc9049 /tracker/CSP_too_strict.mdwn
parent 8a489485dfd72788fd18728fd7c12b9c16053954
Remove unrelated pages for laboration
Diffstat (limited to 'tracker/CSP_too_strict.mdwn')
-rw-r--r-- tracker/CSP_too_strict.mdwn 15
1 files changed, 0 insertions, 15 deletions
diff --git a/tracker/CSP_too_strict.mdwn b/tracker/CSP_too_strict.mdwn
deleted file mode 100644
index 308754d..0000000
--- a/tracker/CSP_too_strict.mdwn
+++ /dev/null
@@ -1,15 +0,0 @@
-On firefox 45, remote images are not shown in the webmail because of the CSP:
-
-```
-Content Security Policy: The page's settings blocked the loading of a resource at https://sendy.nitrokey.com/uploads/1431348652.png ("img-src https://mail.fripost.org").
-```
-
-Oh wait, that's weird: it seems to block data-urls too:
-
-```
-Content Security Policy: The page's settings blocked the loading of a resource at data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw== ("img-src https://mail.fripost.org").
-```
-
-I'm not too excited about allowing browsers to load images from arbitrary sources, but [did it anyway](https://git.fripost.org/fripost-ansible/commit/?id=c90ae1fe9d40a0271844d321a7a54ee219735ccf) with the hope that roundcube's anti-XSS filter is good enough.
-I've also checked with the [Email Privacy Tester](https://emailprivacytester.com/) that other external resources blocked by the CSP are probably malicious.
-[[closed]]. -- [[guilhem]]
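
Review bot: the removed paragraph near the end of the hunk ("I'm not too excited about allowing browsers to load images from arbitrary sources, but did it anyway ...") documents a security trade-off, and the commit message "Remove unrelated pages for laboration" does not say where that rationale is kept once this file is gone. The page records that `img-src https://mail.fripost.org` blocked both remote images and `data:` URLs on Firefox 45, that the policy was then widened in fripost-ansible commit c90ae1fe9d40a0271844d321a7a54ee219735ccf, and that the widening relies on roundcube's anti-XSS filter plus a check with the Email Privacy Tester. Before deleting, confirm that the linked commit or another retained page carries the same reasoning, or mention in the commit message that the tracker entry is closed and preserved elsewhere, so a later reader of the CSP configuration can still find why image sources are not restricted to the webmail origin.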