The image could not be loaded because it violates the Content Security Policy

Sarah

In a Chrome app, I try to load an image from an external link, but I get an error

Refused to load image "Unsafe: https://www.google.co.in/images/srpr/logo11w.png " because it violates the following Content Security Policy directive: "img-src ' self ' blob: filesystem: Data: chrome-extension-resource:

I have added content_security_policy in manifest.json file

"content_security_policy": "img-src 'self' https://www.google.co.in/ blob: filesystem: data: chrome-extension-resource:;"

and

Also use a regular expression to explicitly add the URL protocol to Angular's whitelist

.config(['$compileProvider',
    function ($compileProvider) {
        var currentImgSrcSanitizationWhitelist = $compileProvider.imgSrcSanitizationWhitelist();
        var newImgSrcSanitizationWhiteList = currentImgSrcSanitizationWhitelist.toString().slice(0, -1)
        + '|chrome-extension:'
        + currentImgSrcSanitizationWhitelist.toString().slice(-1);

        console.log("Changing imgSrcSanitizationWhiteList from " + currentImgSrcSanitizationWhitelist + " to " + newImgSrcSanitizationWhiteList);
        $compileProvider.imgSrcSanitizationWhitelist(newImgSrcSanitizationWhiteList);
    }
        ]);

But still there are errors.

Khan

you can'tOverride CSP for Chrome Apps (this key only applies to extensions).

You will need to adapt your app to fetch and then cache the image locally - you cannot embed it directly. See Google's guide to referencing external resources .

Also, look at this question again - if you unsafe:entered the URL incorrectly.

Related

Refused to load because it violates the Content Security Policy

FreshDev I'm having a very strange issue with "Content Security Policy" in Chrome and Firefox. My meta tags look like this: <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-

Refused to load because it violates the Content Security Policy

FreshDev I'm having a very strange issue with "Content Security Policy" in Chrome and Firefox. My meta tags look like this: <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-

OnClick violates the Content Security Policy

ugly I am attaching an external script to an HTML/EJS page. The script uses the "createElement" and "setAttribute" commands to populate an image to the page. Also, I created an "onclick" attribute to run the function when one of these created images is "clicke

OnClick violates the Content Security Policy

ugly I am attaching an external script to an HTML/EJS page. The script uses the "createElement" and "setAttribute" commands to populate an image to the page. Also, I created an "onclick" attribute to run the function when one of these created images is "clicke

OnClick violates the Content Security Policy

ugly I am attaching an external script to an HTML/EJS page. The script uses the "createElement" and "setAttribute" commands to populate an image to the page. Also, I created an "onclick" attribute to run the function when one of these created images is "clicke

OnClick violates the Content Security Policy

ugly I am attaching an external script to an HTML/EJS page. The script uses the "createElement" and "setAttribute" commands to populate an image to the page. Also, I created an "onclick" attribute to run the function when one of these created images is "clicke

OnClick violates the Content Security Policy

ugly I am attaching an external script to an HTML/EJS page. The script uses the "createElement" and "setAttribute" commands to populate an image to the page. Also, I created an "onclick" attribute to run the function when one of these created images is "clicke