
No scheme in policy: Errors for either scheme

From: Neil Matatall <neilm@twitter.com>
Date: Tue, 12 Feb 2013 14:37:49 -0800
Message-ID: <CAOFLtbhtUnafjo4+d1=Pyr-hL0X8Ld2KaHZFLuBY7QraY6UsXQ@mail.gmail.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>

Given I have "X-Webkit-Csp:
default-src 'self' google.com chrome-extension:; img-src google.com
chrome-extension: data:; report-uri
https://twitter.com/scribes/csp_report;"

I get:

Refused to load the image 'http://www.google.com/asdf' because it
violates the following Content Security Policy directive: "img-src
google.com chrome-extension: data:".

Refused to load the image 'https://google.com/asdf' because it
violates the following Content Security Policy directive: "img-src
google.com chrome-extension: data:".

Received on Tuesday, 12 February 2013 22:38:18 GMT
