Watch

Welcome to the React feedback portal. We’re happy you’re here! If you have feedback on how to improve the React, we’d love to hear it!

Check out the features or bugs others have reported and vote on your favorites. Feedback will be prioritized based on popularity.
If you have feedback that’s not listed yet, submit your own.

Thanks for joining our community and helping improve Syncfusion products!

Vote

Diagram's MeasureElement makes use of "data:" as src, which violates content security policy Declined - Not Valid

: Oct 26, 2021 2:50 AM

: Oct 29, 2021 3:55 AM

: Bug Report

: Diagram

: 19.3.0.46

: Google Chrome

: Oct 26, 2021 2:50 AM

: Bug Report

: Diagram

Hi,

I upgraded to the latest Diagram version, and now I get this error in the browser console:

Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7' because it violates the following Content Security Policy directive: "img-src 'self' blob: http://localhost:4598

The cause is the Diagram's measure element:

src is defined as "

data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7", which violates our configured content security policy. Since this is the only occurence in our application where "data." is used, we would prefer to not have to change our CSP rules to make it work.

Maybe we could choose between "blob:" and "data:"?

Thanks for your help!

1 COMMENT