Hi,
The lines in bold from the following code of ojcustomelement.js violating the Content-Security-Policy: img-src 'self'; function _ojHighContrast() {
// using a data uri, I googled for shortest uri to get this one since
// I don't care about the actual image, but I do want a legit image
// otherwise I see an error in chrome and I don't want users to be
// confused by seeing any error.
var div = document.createElement('div');
div.style.border = '1px solid';
div.style.borderColor = 'red green';
div.style.position = 'absolute';
div.style.top = '-999px';
div.style.backgroundImage = 'url(data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)';
var body = document.body;
body.appendChild(div); // @HTMLUpdateOK safe manipulation
var computedStyles = window.getComputedStyle(div); var bki = computedStyles.backgroundImage; if (computedStyles.borderTopColor === computedStyles.borderRightColor ||
(bki != null && (bki === 'none' || bki === 'url (invalid-url:)'))) {
body.classList.add('oj-hicontrast');
} body.removeChild(div);
} Bootstrap.whenDocumentReady().then(function () {
_ojHighContrast();
});
ojcustomelement.js:859 Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=' because it violates the following Content Security Policy directive: "img-src 'self'".
Did anyone encountered this? any inputs on this is highly appreciated,