Skip to Main Content

DevOps, CI/CD and Automation

Content-Security-Policy violation: img-src

User_NXQDUAug 15 2022

The lines in bold from the following code of ojcustomelement.js violating the Content-Security-Policy: img-src 'self'; function _ojHighContrast() {
// using a data uri, I googled for shortest uri to get this one since
// I don't care about the actual image, but I do want a legit image
// otherwise I see an error in chrome and I don't want users to be
// confused by seeing any error.
var div = document.createElement('div'); = '1px solid'; = 'red green'; = 'absolute'; = '-999px'; = 'url(data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)';
var body = document.body;
body.appendChild(div); // @HTMLUpdateOK safe manipulation
var computedStyles = window.getComputedStyle(div);
var bki = computedStyles.backgroundImage; if (computedStyles.borderTopColor === computedStyles.borderRightColor ||
(bki != null && (bki === 'none' || bki === 'url (invalid-url:)'))) {
} body.removeChild(div);
} Bootstrap.whenDocumentReady().then(function () {

ojcustomelement.js:859 Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=' because it violates the following Content Security Policy directive: "img-src 'self'".

Did anyone encountered this? any inputs on this is highly appreciated,

Post Details
Added on Aug 15 2022
1 comment