Closed
Bug 1350563
Opened 8 years ago
Closed 8 years ago
Screenshot preview doesn’t work
Categories
(Webtools Graveyard :: Pontoon, enhancement)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: theo, Unassigned)
Details
Bug found by Alizée during the workshop:
In https://pontoon.mozilla.org/fr/engagement/emails/2017/welcome-message.lang/?string=164035 there is a link to a picture. Pontoon tries to display the image and makes room for it, but fails to actually display it.
Comment 1•8 years ago
Pontoon analyzes comments in original strings and if it detects links to images, it displays them as clickable thumbnails.
Since our CSP blocks images that aren't on whitelisted domains, the image doesn't show:
https://github.com/mozilla/pontoon/blob/master/pontoon/settings/base.py#L621
One possible solution is to download images and store them locally on the server, so they are always loaded from server domain.
April, do you have any other recommendations?
Flags: needinfo?(april)
Comment 2•8 years ago
Oh, so it's downloading *and* displaying them? There's not generally any problem with that, if it's acceptable behavior for them to be literally any image. If so, you can probably change it to be:
img-src 'self' https:
(and optionally http:)
In such a case, you may want to be careful such that you don't do this auto-display behavior for SVG files, since they can contain script and behave oddly.
Let me know if you have any additional questions!
Flags: needinfo?(april)
Comment 3•8 years ago
Thanks!
To clarify, by downloading I didn't mean to the user's machine, but to the Pontoon server, from where images will be served.
Comment 4•8 years ago
Got'cha. If you wanted to download them to pontoon that would work as well (under 'self'), with the same SVG restrictions. That will likely require some additional amount of space, but is certainly a perfectly viable solution as well.
Both of these should work fine:
a) display the images from their origins (and use img-src https:), or
b) download them to pontoon and display from there (using img-src 'self')
Comment 5•8 years ago
Thanks, option a) is obviously much more convenient. I'm very glad I NIed you! ;)
SVG images are not allowed, PNG and JPG only.
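Added example, not part of the bug thread and not Pontoon's own code: a sketch of the rule the thread settles on, where a link found in a string comment gets a thumbnail only if it is a PNG or JPG and the `img-src` policy would let the browser load it. The function names, `SELF_ORIGIN` and the sample comments are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Policy from the thread: load images from the site itself or any https
# origin, and preview only PNG and JPG links (never SVG).
CSP_IMG_SRC = ("'self'", "https:")
ALLOWED_EXTENSIONS = (".png", ".jpg")
SELF_ORIGIN = "https://pontoon.example"  # hypothetical origin for 'self'
URL_RE = re.compile(r"https?://[^\s<>\"']+")

SAMPLE_COMMENTS = [  # constructed sample input
    "Screenshot: https://cdn.example.org/shots/welcome.png",
    "Old mockup http://cdn.example.org/shots/welcome.jpg (plain http)",
    "Vector logo: https://cdn.example.org/logo.svg",
    "Disguised: https://cdn.example.org/logo.svg?name=a.png",
]


def csp_allows(url, sources=CSP_IMG_SRC):
    """Approximate img-src matching for 'self' and scheme sources only."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    for src in sources:
        if src == "'self'":
            if f"{scheme}://{parts.netloc.lower()}" == SELF_ORIGIN:
                return True
        elif src.endswith(":"):
            # In CSP Level 3 the scheme source http: also matches https URLs.
            if scheme == src[:-1] or (src == "http:" and scheme == "https"):
                return True
    return False


def previewable_screenshots(comment, sources=CSP_IMG_SRC):
    """Return the links in a string comment that may be shown as thumbnails."""
    allowed = []
    for match in URL_RE.finditer(comment):
        url = match.group(0).rstrip(".,;)")
        # Check the extension on the path only, so a query string such as
        # "?name=a.png" cannot make an SVG link look like a PNG.
        path = urlsplit(url).path.lower()
        if path.endswith(ALLOWED_EXTENSIONS) and csp_allows(url, sources):
            allowed.append(url)
    return allowed
```

The extension test is a URL-level filter; it does not verify the content type the remote server actually returns.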
Comment 6•8 years ago
Commit pushed to master at https://github.com/mozilla/pontoon
https://github.com/mozilla/pontoon/commit/49c7bd7d0625cd5128e93763effd96ab8743e739
Fix bug 1350563: Allow https screenshots
Updated•8 years ago
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Updated•4 years ago
Product: Webtools → Webtools Graveyard