Content-Security-Policy: The page’s settings blocked the loading of a resource at blob: (“default-src”).

Open on Drupal.org →

Created on 5 April 2024, 7 months ago

Updated 29 April 2024, 7 months ago

We are using AWS chat in our application. when i am trying to download transcript from the firefox browser getting bellow Error.
Content-Security-Policy: The page’s settings blocked the loading of a resource at blob:https://website address (“default-src”).

Note: I have tried adding "blob:" inside default-src - self and I have attached the image for the same.

💬 Support request

Status

Closed: cannot reproduce

Version

1.0

Component

Code

Created by

🇮🇳India manojprabakar_ss

Live updates comments and jobs are added and updated live.

Sign in to follow issues

Comments & Activities

Issue created by @manojprabakar_ss
Comment 7 months ago →
🇨🇦Canada gapple
I'm not sure that I can help here beyond validating that Drupal and the CSP module are outputting the header as expected.
Rather than setting default-src, you can set the more specific directives to see which one is actually being violated and needs the additional protocol without allowing it more broadly. (The module will remove additional directives if they fallback to default-src and are set to the same value though, so you will need to disable or change default-src while testing - even just adding a fake url would work).

blob: is the correct formatting to use in that field for the protocol (as checked by the form validation)
Status changed to Closed: cannot reproduce 7 months ago11:42pm 29 April 2024
Comment 7 months ago →
🇨🇦Canada gapple

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024