Closed
Bug 1468988
Opened 5 years ago
Closed 5 years ago
Cannot load svg file on https://firefox-source-docs.mozilla.org because of Content Security Policy
Categories
(Developer Infrastructure :: Source Documentation, enhancement)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: jlorenzo, Unassigned)
In bug 1468751, we made sure SVGs were uploaded on https://firefox-source-docs.mozilla.org/. However, even though the file now exists[1], this page[2] doesn't show the SVG. The reason claimed in the console:

> Content Security Policy: The page’s settings blocked the loading of a resource at https://firefox-source-docs.mozilla.org/_images/pushapk.svg (“img-src”).

I'm unsure what configuration should be changed. It seems to be server-side, but I'm unsure.

[1] https://firefox-source-docs.mozilla.org/_images/pushapk.svg
Reporter
Comment 1•5 years ago
`curl --location -I https://firefox-source-docs.mozilla.org/_images/pushapk.svg` returns:

> HTTP/2 200
> content-type: image/svg+xml
> content-length: 112028
> content-security-policy: default-src 'none'; connect-src 'self'; font-src 'self' https://fonts.gstatic.com; img-src data:; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com
> date: Fri, 15 Jun 2018 16:22:14 GMT
> etag: "9bfd6802211eddd24dd652bf56ef9584"
> last-modified: Fri, 15 Jun 2018 09:58:33 GMT
> referrer-policy: origin
> server: AmazonS3
> strict-transport-security: max-age=63072000; includeSubDomains; always
> x-content-type-options: nosniff
> x-frame-options: DENY
> x-xss-protection: 1; mode=block
> x-cache: Miss from cloudfront
> via: 1.1 0576b942ae9f4fc9c0b62b0736e9bfd6.cloudfront.net (CloudFront)
> x-amz-cf-id: A-QX-v8Bya0-ctfpRLbnbg9MHPILje4XcozD-IBmmwSr02H2b0v-dg==

In which, the interesting part is (formatted):

> content-security-policy:
>   default-src 'none';
>   connect-src 'self';
>   font-src 'self' https://fonts.gstatic.com;
>   img-src data:;
>   script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com;
>   style-src 'self' 'unsafe-inline' https://fonts.googleapis.com

Per [1], we should change img-src to:

> img-src data: https://firefox-source-docs.mozilla.org/;

I don't have access to the configuration of the S3 bucket. :gps, I was told you might be the right contact. If not, would you know who'd be the point person?

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src
Flags: needinfo?(gps)
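The policy mismatch described in comment 1, as an added example that is not part of the bug thread: a simplified `img-src` check in JavaScript, run against the header from the curl output and against the proposed `img-src` change. The function names are hypothetical, and the matcher handles only `'none'`, `'self'`, scheme sources and full-URL host sources (no wildcards, nonces or hashes).

```javascript
// Added example (not from the bug): simplified CSP matching for image loads.
const PAGE_URL = 'https://firefox-source-docs.mozilla.org/taskcluster/docs/taskcluster/pushapk.html';
const SVG_URL = 'https://firefox-source-docs.mozilla.org/_images/pushapk.svg';

// Header value as returned by curl in comment 1.
const ORIGINAL_CSP = "default-src 'none'; connect-src 'self'; " +
  "font-src 'self' https://fonts.gstatic.com; img-src data:; " +
  "script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; " +
  "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com";
// Same policy with the img-src change proposed in comment 1.
const PROPOSED_CSP = ORIGINAL_CSP.replace(
  'img-src data:;', 'img-src data: https://firefox-source-docs.mozilla.org/;');

function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function sourceMatches(source, url, pageOrigin) {
  if (source === "'none'") return false;
  if (source === "'self'") return url.origin === pageOrigin;
  // Scheme source such as "data:" matches on scheme alone.
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  let allowed;
  try { allowed = new URL(source); } catch { return false; } // unsupported form
  if (url.origin !== allowed.origin) return false;
  // A path ending in "/" is a prefix match; any other path must match exactly.
  const path = allowed.pathname;
  return path.endsWith('/') ? url.pathname.startsWith(path) : url.pathname === path;
}

function imageAllowed(header, resourceUrl, pageUrl) {
  const policy = parsePolicy(header);
  // img-src falls back to default-src when it is absent from the policy.
  const sources = policy.get('img-src') ?? policy.get('default-src');
  if (sources === undefined) return true; // no directive governs images
  const url = new URL(resourceUrl);
  const pageOrigin = new URL(pageUrl).origin;
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}

console.log('original policy allows SVG:', imageAllowed(ORIGINAL_CSP, SVG_URL, PAGE_URL));
console.log('proposed policy allows SVG:', imageAllowed(PROPOSED_CSP, SVG_URL, PAGE_URL));
```

With the original header only `data:` images pass, so the same-origin SVG is refused even though the file returns 200. `img-src data: 'self'` would also admit it without hard-coding the hostname.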
Comment 2•5 years ago
Dustin set us up the S3 bucket and is the best person to make this change.
Flags: needinfo?(gps) → needinfo?(dustin)
Updated•5 years ago
Component: General → Generated Documentation
Product: Developer Documentation → Firefox Build System
Comment 3•5 years ago
Lambda function updated and deployed.
Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(dustin)
Resolution: --- → FIXED
Reporter
Comment 4•5 years ago
https://firefox-source-docs.mozilla.org/taskcluster/docs/taskcluster/pushapk.html now shows the image. Thank you!
Status: RESOLVED → VERIFIED
Updated•5 months ago
Product: Firefox Build System → Developer Infrastructure