Closed Bug 760483 Opened 12 years ago Closed 12 years ago

[mozillians] CSP Violation: data:image/gif; base64

Categories

(Participation Infrastructure :: Phonebook, defect)

defect
Not set
normal

Tracking

(Not tracked)

VERIFIED WONTFIX
2012-06-13

People

(Reporter: mbrandt, Assigned: jsocol)

Details

[mozillians] CSP Violation: data:image/gif; base64,R0lGODlhEAAQAIQfAAFYsQJkw15iWgRz3AeN0Xl8c2mBiQma5B6W1h+b3yqh4BKp+kWk0pudlDC2/0y79X+4z1fC/7q6r3DK/4rN7a3Kz8fKwc/Uyr3c5N7dzuTi1Ofl1enm2O3r3/b06////yH+EUNyZWF0ZWQgd2l0aCBHSU1QACH5BAEKAB8ALAAAAAAQABAAAAWf4OeNXmdyX6qKpNSc25p6TVEIgl1osljntxxPNrIILhrDZBl5OBaLj6mTa1CWk+YTOpXgsBEM5gFdmDLBiJrC2VCgB85lYJFcmg+MPAPnDP4aGg4ODxsVFBkPBwd/jRuDFBoQDxkVix+NHwBQSBmeFwoEHwEDAQEAAJQVDAwQFxCipqeoABkMiwcWFqKjpqgEBLjAwDIAHwoJyQkIzB8hADs=: img-src https://mozillians.org:443 http://statse.webtrendslive.com:80 https://statse.webtrendslive.com:443 http://www.gravatar.com:80 https://secure.gravatar.com:443



Content Security Policy Violation Report

Request: GET https://mozillians.org/en-US/?next=/en-US/group/11058-automation-development HTTP/1.1
Blocked URI: data:image/gif;base64,R0lGODlhEAAQAIQfAAFYsQJkw15iWgRz3AeN0Xl8c2mBiQma5B6W1h+b3yqh4BKp+kWk0pudlDC2/0y79X+4z1fC/7q6r3DK/4rN7a3Kz8fKwc/Uyr3c5N7dzuTi1Ofl1enm2O3r3/b06////yH+EUNyZWF0ZWQgd2l0aCBHSU1QACH5BAEKAB8ALAAAAAAQABAAAAWf4OeNXmdyX6qKpNSc25p6TVEIgl1osljntxxPNrIILhrDZBl5OBaLj6mTa1CWk+YTOpXgsBEM5gFdmDLBiJrC2VCgB85lYJFcmg+MPAPnDP4aGg4ODxsVFBkPBwd/jRuDFBoQDxkVix+NHwBQSBmeFwoEHwEDAQEAAJQVDAwQFxCipqeoABkMiwcWFqKjpqgEBLjAwDIAHwoJyQkIzB8hADs=
Violation: img-src https://mozillians.org:443 http://statse.webtrendslive.com:80 https://statse.webtrendslive.com:443 http://www.gravatar.com:80 https://secure.gravatar.com:443
Request Headers:
Need to add "data:" to the img-src list.

BUT, I don't see 'data:' anywhere in the source of the page. I wonder, again, if this is an add-on?

If you decode the image, it looks like some sort of translation icon. My guess is an add-on is inserting it into the page. This is something we might want to send along to Sid (thus: cced).
Assignee: nobody → james
Target Milestone: --- → 2012-06-13
For the record, I'm disinclined to fix. We don't use data: URIs for images, afaik, anywhere in Mozillians, except the opensearch plugin.
Per comment 2, and no one has disagreed. => WONTFIX.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
James, thanks for following up and marking wontfix. I agree and am bumping to verified.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.