Content Security Policy syntax was invalid
According to https://csp-evaluator.withgoogle.com/ the CSP built here is NOT valid (and the blob: value is missing at img-src, so the image is not displayed when reading ebook in a browser) Before this commit, in Chrome response header you can find Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' data:; object-src: 'none'; blob:;style-src-elem 'self' blob: 'unsafe-inline'; After : Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src 'self' blob: data:; object-src 'none' blob:; style-src-elem 'self' blob: 'unsafe-inline'; and image in viewer are displayedpull/2666/head
parent
e178efb58c
commit
ed22209e6c
Loading…
Reference in New Issue