W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2020

Re: Image Resize Issue

From: Daniel Veditz <dveditz@mozilla.com>
Date: Fri, 24 Jan 2020 00:47:05 -0800
Message-ID: <CADYDTCAq+YVvJOGWPKueCA7MqXGRcm=WqPEcmH=zmRq67vXzuw@mail.gmail.com>
To: Takao Nakagawa <takao.nakagawa@jtp.co.jp>
Cc: WebAppSec WG <public-webappsec@w3.org>, Nikolaij Ouillon <Nikolaij.Ouillon@jtp.co.jp>, Masakazu Umegaki <Masakazu.Umegaki@jtp.co.jp>, toshifumi nakazawa <Toshifumi.Nakazawa@jtp.co.jp>
> Does the W3C think as well that the problem doesn’t seem to be related to
CSP?

Microsoft is right about IE's lack of support for CSP, apart from the
'sandbox' directive which isn't at play here. Also I think IE requires the
pre-standard X- prefix on the header. CSP can't be the source of your
problem in IE.

Even if IE did support CSP, a policy might block the image from loading (no
load event), or it might block your script from running at all, but there's
nothing in CSP that would lead to your script reporting an incorrect image
size.
Received on Friday, 24 January 2020 08:47:26 UTC

This archive was generated by hypermail 2.4.0 : Friday, 24 January 2020 08:47:27 UTC