author | Oskar Vigren <oskar@vig.ren> | 2019-11-04 18:58:19 +0100 |
---|---|---|
committer | Oskar Vigren <oskar@vig.ren> | 2019-11-04 18:58:19 +0100 |
commit | d9ad98d79b089b7c8c70671d3c3e157d138c0f91 (patch) | |
tree | 1c6032cd6c97398bc649aff6c6b56040525a38fc /tracker/CSP_too_strict.mdwn | |
parent | 707ae8dff89782a36ef555715b5a4a06c51feced (diff) |
Remove unrelated pages for laborationov/aktiv-test
Diffstat (limited to 'tracker/CSP_too_strict.mdwn')
-rw-r--r-- | tracker/CSP_too_strict.mdwn | 15 |
1 files changed, 0 insertions, 15 deletions
diff --git a/tracker/CSP_too_strict.mdwn b/tracker/CSP_too_strict.mdwn deleted file mode 100644 index 308754d..0000000 --- a/tracker/CSP_too_strict.mdwn +++ /dev/null @@ -1,15 +0,0 @@ -On firefox 45, remote images are not shown in the webmail because of the CSP: - -``` -Content Security Policy: The page's settings blocked the loading of a resource at https://sendy.nitrokey.com/uploads/1431348652.png ("img-src https://mail.fripost.org"). -``` - -Oh wait, that's weird: it seems to block data-urls too: - -``` -Content Security Policy: The page's settings blocked the loading of a resource at data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw== ("img-src https://mail.fripost.org"). -``` - -I'm not too excited about allowing browsers to load images from arbitrary sources, but [did it anyway](https://git.fripost.org/fripost-ansible/commit/?id=c90ae1fe9d40a0271844d321a7a54ee219735ccf) with the hope that roundcube's anti-XSS filter is good enough. -I've also checked with the [Email Privacy Tester](https://emailprivacytester.com/) that other external resources blocked by the CSP are probably malicious. -[[closed]]. -- [[guilhem]] |
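Review bot: The closing paragraph of the deleted tracker/CSP_too_strict.mdwn records a security decision, and the commit message ("Remove unrelated pages") does not say where that record lives once the file is gone. The paragraph explains that img-src was widened beyond https://mail.fripost.org to allow arbitrary image sources, links the fripost-ansible change that did it, and states that the result relies on roundcube's anti-XSS filter. Suggest noting in the commit message that the page is removed only from this branch and stays in the tracker elsewhere, or dropping this file from the deletion, so the rationale for the relaxed policy stays findable.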