Date: prev next · Thread: first prev next last
2020 Archives by date, by thread · List index 

On Sat, 04 Jan 2020 at 13:43:46 +0100, William Gathoye (LibreOffice) wrote:

An incident happened between yesterday evening and today (now).


The CSP was last changed on Thu Jan 2 round 03:30 UTC, so — assuming the
images resources didn't magically moved to .wp.com — the regression is
actually older.


For a reason I don't know all web browsers are now unable to load these
images, while the WordPress CDN still can be reached and images can be
directly reached.


The web console gives the reason:

    Content Security Policy: The page’s settings blocked the loading of a resource at
    
https://i0.wp.com/blog.documentfoundation.org/wp-content/uploads/2018/02/lo60introcubes300.gif?w=960&ssl=1
    (“img-src”).

Ooops.  Extended it to https://*.wp.com for now.  The better fix would
be to host these ourselves and tighten the CSP, of course.  That's also
true for Google fonts, WordPress fonts/script/styles etc.

-- 
Guilhem.

-- 
To unsubscribe e-mail to: website+unsubscribe@global.libreoffice.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/website/
Privacy Policy: https://www.documentfoundation.org/privacy

Context

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.