Re: Image Resize Issue from Daniel Veditz on 2020-01-24 (public-webappsec@w3.org from January 2020)

From: Daniel Veditz <dveditz@mozilla.com>
Date: Fri, 24 Jan 2020 00:47:05 -0800
To: Takao Nakagawa <takao.nakagawa@jtp.co.jp>
Cc: WebAppSec WG <public-webappsec@w3.org>, Nikolaij Ouillon <Nikolaij.Ouillon@jtp.co.jp>, Masakazu Umegaki <Masakazu.Umegaki@jtp.co.jp>, toshifumi nakazawa <Toshifumi.Nakazawa@jtp.co.jp>
Message-ID: <CADYDTCAq+YVvJOGWPKueCA7MqXGRcm=WqPEcmH=zmRq67vXzuw@mail.gmail.com>

> Does the W3C think as well that the problem doesn’t seem to be related to
CSP?

Microsoft is right about IE's lack of support for CSP, apart from the
'sandbox' directive which isn't at play here. Also I think IE requires the
pre-standard X- prefix on the header. CSP can't be the source of your
problem in IE.

Even if IE did support CSP, a policy might block the image from loading (no
load event), or it might block your script from running at all, but there's
nothing in CSP that would lead to your script reporting an incorrect image
size.

Received on Friday, 24 January 2020 08:47:26 UTC