Re: No scheme in policy: Errors for either scheme from Neil Matatall on 2013-02-12 (public-webappsec@w3.org from February 2013)

From: Neil Matatall <neilm@twitter.com>
Date: Tue, 12 Feb 2013 14:39:23 -0800
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CAOFLtbgW=-VCw=AXSLfTpYqG7otc+nMPbc5TbnBKyOKVaGLcog@mail.gmail.com>

Version 26.0.1407.0 canary

On Tue, Feb 12, 2013 at 2:37 PM, Neil Matatall <neilm@twitter.com> wrote:
> Given I have "X-Webkit-Csp:
> default-src 'self' google.com chrome-extension:; img-src google.com
> chrome-extension: data:; report-uri
> https://twitter.com/scribes/csp_report;"
>
> I get:
>
> Refused to load the image 'http://www.google.com/asdf' because it
> violates the following Content Security Policy directive: "img-src
> google.com chrome-extension: data:".
>
> Refused to load the image 'https://google.com/asdf' because it
> violates the following Content Security Policy directive: "img-src
> google.com chrome-extension: data:".

Received on Tuesday, 12 February 2013 22:39:51 UTC