
  • Tracey Penberthy 12 posts 102 karma points
    May 03, 2022 @ 16:26
    Tracey Penberthy
    0

    CSP Errors on Cropped Images - but only in Firefox and Safari

    I have a CSP in my site and it works fine in Chrome and Edge. However, in Safari and Firefox I am getting CSP errors for images that have image cropper parameters in the URL (e.g. image.png?width=100&height=60).

    The site uses Azure blob storage to store images and the error message is along the lines of:

    Content Security Policy: The page's settings blocked the loading of a resource at http://mysite.blob.core.windows.net/cache/d/4/3/6/a/3/b146a3e5010535e44459afe6e0b761c9d1486f36.png ("img-src").

    I suspect the issue may have something to do with it using the http protocol when accessing the cached image, but I have set umbracoUseSSL to true, and the AzureUmbracoBlobStorageRootUrl uses the https protocol, as does the AzureUmbracoBlobStorageConnectionString in web.config.

    I even deleted the cache folders in blob storage in the hope that rebuilding the images would fix this but no joy.

    Any help on this would be much appreciated - it is very frustrating that the CSP works in some browsers but not others.

  • Dennis 75 posts 397 karma points MVP
    May 04, 2022 @ 05:08
    Dennis
    1

    Hi Tracey,

    I'm by no means an expert on blob storage, but did you check if your blob storage actually accepts https connections? I don't know what default behaviour is, but perhaps the blob storage redirects to http itself?

    If you look at the generated source in your browser dev tools (or the redirect; I believe images are redirected by the image cropper), does it have https as the protocol, or do you go straight to http?

    You could also try searching through your source to see if you've missed any configurations. In Visual Studio you'd press Ctrl+Shift+F to search through all your files.

  • Tracey Penberthy 12 posts 102 karma points
    May 04, 2022 @ 07:16
    Tracey Penberthy
    100

    Thanks so much for your response Dennis.

    It was as you suggested in some config file. So although in web.config the protocols were https, in imageprocessor/cache.config and imageprocessor/security.config the protocols were just http.

    I also made sure that my blob storage only allowed requests via https.

    Really appreciate your help with this :)

  • Dennis 75 posts 397 karma points MVP
    May 04, 2022 @ 10:15
    Dennis
    0

    That's very nice to hear Tracey!

    If you could spare a second, perhaps you could mark your question as solved. That way, everyone can see that you've solved your problem. It'll be helpful for people with the same problem.

  • Tracey Penberthy 12 posts 102 karma points
    May 04, 2022 @ 12:42
    Tracey Penberthy
    0

    Done.

    Thanks Dennis
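
The fix in this thread came from finding leftover `http` values in imageprocessor/cache.config and imageprocessor/security.config. As an added example (not code from either poster or from Umbraco/ImageProcessor), this Python sketch scans XML config text for plain `http://` URLs and for Azure connection strings with `DefaultEndpointsProtocol=http`; the sample file contents, element names and setting keys are constructed for illustration and do not reproduce the real config schema.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample configs (not the poster's files); element and key names are illustrative.
SAMPLE_CONFIGS = {
    "imageprocessor/cache.config": """<caching>
  <settings>
    <setting key="CachedStorageAccount"
             value="DefaultEndpointsProtocol=http;AccountName=mysite;AccountKey=PLACEHOLDER" />
    <setting key="CachedCDNRoot" value="http://mysite.blob.core.windows.net" />
  </settings>
</caching>""",
    "imageprocessor/security.config": """<security>
  <settings>
    <setting key="Host" value="https://mysite.blob.core.windows.net/media/" />
  </settings>
  <whitelist>
    <add url="http://mysite.blob.core.windows.net/" />
  </whitelist>
</security>""",
}

# "https://" never matches: the pattern needs "://" straight after "http".
HTTP_URL = re.compile(r"\bhttp://[^\s\"'<>;]+", re.IGNORECASE)
# Azure storage connection string that selects the plain-http endpoint.
HTTP_ENDPOINT = re.compile(r"\bDefaultEndpointsProtocol\s*=\s*http\b", re.IGNORECASE)

def find_insecure_values(path, xml_text):
    """Return (path, element tag, attribute or '#text', offending value) tuples."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        # Check every attribute value plus the element's own text content.
        candidates = list(elem.attrib.items()) + [("#text", elem.text or "")]
        for name, value in candidates:
            hits = HTTP_URL.findall(value) + HTTP_ENDPOINT.findall(value)
            findings.extend((path, elem.tag, name, hit) for hit in hits)
    return findings

def scan(configs):
    """Scan a {path: xml_text} mapping in path order and collect all findings."""
    results = []
    for path, text in sorted(configs.items()):
        results.extend(find_insecure_values(path, text))
    return results

if __name__ == "__main__":
    for path, tag, attr, value in scan(SAMPLE_CONFIGS):
        print(f"{path}: <{tag}> {attr} -> {value}")
```

To run it over a real site, replace `SAMPLE_CONFIGS` with the contents of the site's own `.config` files read from disk.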
