If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

[mozillians] CSP Violation: data:image/gif; base64

VERIFIED WONTFIX

Status

Participation Infrastructure
Phonebook
VERIFIED WONTFIX
5 years ago
5 years ago

People

(Reporter: mbrandt, Assigned: jsocol)

Tracking

other
2012-06-13

Details

(Reporter)

Description

5 years ago
[mozillians] CSP Violation: data:image/gif; base64,R0lGODlhEAAQAIQfAAFYsQJkw15iWgRz3AeN0Xl8c2mBiQma5B6W1h+b3yqh4BKp+kWk0pudlDC2/0y79X+4z1fC/7q6r3DK/4rN7a3Kz8fKwc/Uyr3c5N7dzuTi1Ofl1enm2O3r3/b06////yH+EUNyZWF0ZWQgd2l0aCBHSU1QACH5BAEKAB8ALAAAAAAQABAAAAWf4OeNXmdyX6qKpNSc25p6TVEIgl1osljntxxPNrIILhrDZBl5OBaLj6mTa1CWk+YTOpXgsBEM5gFdmDLBiJrC2VCgB85lYJFcmg+MPAPnDP4aGg4ODxsVFBkPBwd/jRuDFBoQDxkVix+NHwBQSBmeFwoEHwEDAQEAAJQVDAwQFxCipqeoABkMiwcWFqKjpqgEBLjAwDIAHwoJyQkIzB8hADs=: img-src https://mozillians.org:443 http://statse.webtrendslive.com:80 https://statse.webtrendslive.com:443 http://www.gravatar.com:80 https://secure.gravatar.com:443



Content Security Policy Violation Report

Request: GET https://mozillians.org/en-US/?next=/en-US/group/11058-automation-development HTTP/1.1
Blocked URI: data:image/gif;base64,R0lGODlhEAAQAIQfAAFYsQJkw15iWgRz3AeN0Xl8c2mBiQma5B6W1h+b3yqh4BKp+kWk0pudlDC2/0y79X+4z1fC/7q6r3DK/4rN7a3Kz8fKwc/Uyr3c5N7dzuTi1Ofl1enm2O3r3/b06////yH+EUNyZWF0ZWQgd2l0aCBHSU1QACH5BAEKAB8ALAAAAAAQABAAAAWf4OeNXmdyX6qKpNSc25p6TVEIgl1osljntxxPNrIILhrDZBl5OBaLj6mTa1CWk+YTOpXgsBEM5gFdmDLBiJrC2VCgB85lYJFcmg+MPAPnDP4aGg4ODxsVFBkPBwd/jRuDFBoQDxkVix+NHwBQSBmeFwoEHwEDAQEAAJQVDAwQFxCipqeoABkMiwcWFqKjpqgEBLjAwDIAHwoJyQkIzB8hADs=
Violation: img-src https://mozillians.org:443 http://statse.webtrendslive.com:80 https://statse.webtrendslive.com:443 http://www.gravatar.com:80 https://secure.gravatar.com:443
Request Headers:
(Assignee)

Comment 1

5 years ago
Need to add "data:" to the img-src list.

BUT, I don't see 'data:' anywhere in the source of the page. I wonder, again, if this is an add-on?

If you decode the image, it looks like some sort of translation icon. My guess is an add-on is inserting it into the page. This is something we might want to send along to Sid (thus: cced).
Assignee: nobody → james
Target Milestone: --- → 2012-06-13
(Assignee)

Comment 2

5 years ago
For the record, I'm disinclined to fix. We don't use data: URIs for images, afaik, anywhere in Mozillians, except the opensearch plugin.
(Assignee)

Comment 3

5 years ago
Per comment 2, and no one has disagreed. => WONTFIX.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → WONTFIX
(Reporter)

Comment 4

5 years ago
James, thanks for following up and marking wontfix. I agree and am bumping to verified.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.