Meteor BrowserPolicy allows you to create a "blob:"

I have included the meteor/browser-policy-common content security policy package.

Now I get this CSP-related error from ostrio:files:

Refused to create a worker from 'blob:http://localhost:3000/ef628f55-736b-4b36-a32d-b1056adfaa8c' because it violates the following Content Security Policy directive: "default-src 'self' http://fonts.googleapis.com https://fonts.googleapis.com http://fonts.gstatic.com https://fonts.gstatic.com http://code.ionicframework.com https://code.ionicframework.com". Note that 'worker-src' was not explicitly set, so 'default-src' is used as a fallback.

My actual browser policy configuration is as follows:

import { BrowserPolicy } from 'meteor/browser-policy-common';
// e.g., BrowserPolicy.content.allowOriginForAll( 's3.amazonaws.com' );
// BrowserPolicy.content.allowFontOrigin("data:");

BrowserPolicy.framing.disallow();
BrowserPolicy.content.disallowInlineScripts();
BrowserPolicy.content.disallowEval();
BrowserPolicy.content.allowInlineStyles();
BrowserPolicy.content.allowFontDataUrl();

const trusted = [
  'fonts.googleapis.com',
  'fonts.gstatic.com',
  'code.ionicframework.com',
];

_.each(trusted, (origin) => {
  BrowserPolicy.content.allowOriginForAll(origin);
});

ostrio:files blob:http://localhost:3000/... ?


+5

blob:, :

BrowserPolicy.content.allowOriginForAll('blob:');

Meteor blob: worker-src.

+6
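
Why the worker in the error above is refused, and what adding blob: changes, as an added example that is not part of the original question or answer. It assumes the CSP Level 3 fallback order for workers; the policy strings are constructed from the directive quoted in the error message, and all function names are illustrative.

```javascript
// Fallback order for workers in CSP Level 3; scripts fall back to default-src.
const WORKER_FALLBACK = ['worker-src', 'child-src', 'script-src', 'default-src'];
const SCRIPT_FALLBACK = ['script-src', 'default-src'];

// Parse "name v1 v2; name2 v3" into { name: [v1, v2] }; the first occurrence wins.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !(name.toLowerCase() in policy)) policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// Simplified matching: scheme-sources ("blob:"), 'self' and scheme://host sources.
// Wildcards, ports and paths are out of scope for this sketch.
function sourceAllows(source, url, selfOrigin) {
  const target = new URL(url);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return target.protocol === source.toLowerCase();
  // blob:, data: and filesystem: URLs are never matched by 'self' or host-sources.
  if (['blob:', 'data:', 'filesystem:'].includes(target.protocol)) return false;
  if (source === "'self'") return target.origin === selfOrigin;
  if (source.includes('://')) return target.origin === new URL(source).origin;
  return false;
}

// Find the directive that governs the load and test the URL against its sources.
function check(header, chain, url, selfOrigin) {
  const policy = parseCsp(header);
  const directive = chain.find((name) => name in policy) || null;
  // No governing directive means this policy does not restrict the load.
  const allowed = directive === null ||
    policy[directive].some((s) => sourceAllows(s, url, selfOrigin));
  return { directive, allowed };
}

// Constructed sample policies (shortened from the directive in the error message).
const SELF = 'http://localhost:3000';
const BLOB = 'blob:http://localhost:3000/ef628f55-736b-4b36-a32d-b1056adfaa8c';
const BEFORE = "default-src 'self' http://fonts.googleapis.com https://fonts.googleapis.com";
const AFTER = BEFORE + ' blob:';              // blob: added to the fallback directive
const NARROW = BEFORE + '; worker-src blob:'; // blob: scoped to workers only

console.log('before, worker:', check(BEFORE, WORKER_FALLBACK, BLOB, SELF));
console.log('after,  worker:', check(AFTER, WORKER_FALLBACK, BLOB, SELF));
console.log('after,  script:', check(AFTER, SCRIPT_FALLBACK, BLOB, SELF));
console.log('narrow, script:', check(NARROW, SCRIPT_FALLBACK, BLOB, SELF));
```

Adding blob: to the fallback directive also makes blob: URLs acceptable for script loads, while a dedicated worker-src entry does not; the page does not say whether the package can emit worker-src.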

Source: https://habr.com/ru/post/1677025/

