Closed Bug 1989392 Opened 3 months ago Closed 3 months ago

Image preview in "Insert Image" dialog fails with CSP error when image is inserted from web resource

Categories

(Thunderbird :: Message Compose Window, defect)

Product:
Thunderbird
Component:
Message Compose Window
Version:
Thunderbird 140
Type:
defect

Tracking

(thunderbird_esr140 fixed, thunderbird143 wontfix, thunderbird144 fixed)

Status:
RESOLVED FIXED
Milestone:
145 Branch
Tracking Flags:
Tracking Status
thunderbird_esr140 --- fixed
thunderbird143 --- wontfix
thunderbird144 --- fixed

People

(Reporter: francesco, Assigned: mkmelin)

References

(Blocks 1 open bug)

Details

(Keywords: regression)

Attachments

(1 file)

Bug 1989392 - "Insert Image" dialog CSP needs to allow http/s. r=arschmitz
48 bytes, text/x-phabricator-request
corey
: approval-comm-beta+
corey
: approval-comm-esr140+
Details | Review

Open a compose window and insert am image via the "Insert Image" dialog from a web resource, for example:
https://bugzilla.mozilla.org/images/index/firefox-beta.svg

Result: Image preview is broken.

Error in the console:
Content-Security-Policy: The page’s settings blocked the loading of a resource (img-src) at https://bugzilla.mozilla.org/images/index/firefox-beta.svg because it violates the following directive: “img-src chrome: data:” EdImageDialog.js:296:3

Blocks: tb140found
Keywords: regression
Assignee: nobody → mkmelin+mozilla
Status: NEW → ASSIGNED
status-thunderbird143: --- → wontfix
status-thunderbird144: --- → affected
status-thunderbird_esr140: --- → affected
Keywords: checkin-needed-tb
Target Milestone: --- → 140 Branch
Target Milestone: 140 Branch → 145 Branch

Pushed by brendan@thunderbird.net:
https://hg.mozilla.org/comm-central/rev/04b9052114b6
"Insert Image" dialog CSP needs to allow http/s. r=arschmitz

Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Keywords: checkin-needed-tb
Resolution: --- → FIXED

Comment on attachment 9514133 [details]
Bug 1989392 - "Insert Image" dialog CSP needs to allow http/s. r=arschmitz

Uplift Approval Request

  • Please state case for uplift consideration and ensure bug severity is set: Broken feature
  • User impact if declined: Preview doesn't work
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Daily?: Yes
  • Has the fix been verified in Beta?: No
  • Needs manual test from QA?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Confined change
  • Does the fix cause any migrations to be skipped?: No
  • String changes made/needed: none
Attachment #9514133 - Flags: approval-comm-esr140?
Attachment #9514133 - Flags: approval-comm-beta?

Comment on attachment 9514133 [details]
Bug 1989392 - "Insert Image" dialog CSP needs to allow http/s. r=arschmitz

[Triage Comment]
Approved for beta

Attachment #9514133 - Flags: approval-comm-beta? → approval-comm-beta+

Comment on attachment 9514133 [details]
Bug 1989392 - "Insert Image" dialog CSP needs to allow http/s. r=arschmitz

[Triage Comment]
Approved for esr140

Attachment #9514133 - Flags: approval-comm-esr140? → approval-comm-esr140+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: