Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(playground): allow img from blob and data #9771

Merged
merged 1 commit into from
Oct 6, 2023
Merged

feat(playground): allow img from blob and data #9771

merged 1 commit into from
Oct 6, 2023

Conversation

fiji-flo
Copy link
Contributor

@fiji-flo fiji-flo commented Oct 5, 2023
edited by caugner
Loading

Summary

Fixes #9463.

fixes live sample in https://developer.mozilla.org/en-US/docs/Web/API/File_API/Using_files_from_web_applications#example_using_object_urls_to_display_images

Problem

We do not allow blob urls in the playground

Solution

Add according CSP and also allow data:.

How did you test this change?

Locally running the cloud function.

@fiji-flo fiji-flo requested a review from caugner October 5, 2023 11:29
caugner
caugner reviewed Oct 5, 2023
View reviewed changes
Copy link
Contributor

@caugner caugner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I ran npm start in cloud-function, but the example still doesn't work on https://localhost/en-US/docs/Web/API/File_API/Using_files_from_web_applications#example_using_object_urls_to_display_images and fails with:

Content-Security-Policy: The page’s settings blocked the loading of a resource at blob:https://live.mdnyalp.dev/650da1da-2c37-4d55-afc9-6a6ed7f9e85c (“default-src”).

Tips?

@fiji-flo Can you elaborate how you tested this locally?

@fiji-flo
Copy link
Contributor Author

fiji-flo commented Oct 5, 2023

BUILD_LIVE_SAMPLES_BASE_URL=https://localhost might do the trick 🤞

@fiji-flo fiji-flo requested a review from caugner October 6, 2023 07:54
@caugner
Copy link
Contributor

caugner commented Oct 6, 2023

BUILD_LIVE_SAMPLES_BASE_URL=https://localhost might do the trick 🤞

@fiji-flo I'm using these in my cloud-function/.env:

ORIGIN_MAIN="localhost"
ORIGIN_LIVE_SAMPLES="localhost"

SOURCE_CONTENT=https://storage.googleapis.com/content-stage-mdn/main/
SOURCE_API=http://localhost:8000/

Do I have to make a local build with BUILD_LIVE_SAMPLES_BASE_URL=https://localhost and set SOURCE_CONTENT accordingly?

@fiji-flo
Copy link
Contributor Author

fiji-flo commented Oct 6, 2023

I'm running yarn dev locally with BUILD_LIVE_SAMPLES_BASE_URL=https://localhost and just not set SOURCE_CONTENT.
Content pages will 404, so I run yarn build files/en-us/web/api/file_api/using_files_from_web_applications/index.md and then visit https://localhost/en-US/docs/Web/API/File_API/Using_files_from_web_applications#example_using_object_urls_to_display_images

caugner
caugner approved these changes Oct 6, 2023
View reviewed changes
Copy link
Contributor

@caugner caugner left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Verified that this resolves the issue (comparing the result with main).

PS: Didn't work at first, because I hadn't run npm run copy-internal. 🤷

@caugner caugner merged commit 77e4c6e into main Oct 6, 2023
12 checks passed
@caugner caugner deleted the enhance-play-csp branch October 6, 2023 14:28
@github-actions github-actions bot mentioned this pull request Oct 6, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@caugner caugner caugner approved these changes

Assignees
No one assigned
Labels
plus:playground
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

FF 117.0b4: CSP blocks live example with img.src="data:image/svg+xml,base64,"+...
2 participants
@fiji-flo @caugner