W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2020

Re: Image Resize Issue

From: Takao Nakagawa <takao.nakagawa@jtp.co.jp>
Date: Fri, 24 Jan 2020 18:36:51 +0900
Message-ID: <CAB+ShYNzEViyfC-RgEjD3kAOx3aZ_cFMf+hZ1fz-j+MLtmf1dQ@mail.gmail.com>
To: Daniel Veditz <dveditz@mozilla.com>
Cc: WebAppSec WG <public-webappsec@w3.org>, Nikolaij Ouillon <Nikolaij.Ouillon@jtp.co.jp>, Masakazu Umegaki <Masakazu.Umegaki@jtp.co.jp>, toshifumi nakazawa <Toshifumi.Nakazawa@jtp.co.jp>
Dear, Daniel

Thank you for your reply and your answer helped us very much.
I appreciate it.

Sincerely,
Takao.

2020年1月24日(金) 17:47 Daniel Veditz <dveditz@mozilla.com>:

> > Does the W3C think as well that the problem doesn’t seem to be related
> to CSP?
>
> Microsoft is right about IE's lack of support for CSP, apart from the
> 'sandbox' directive which isn't at play here. Also I think IE requires the
> pre-standard X- prefix on the header. CSP can't be the source of your
> problem in IE.
>
> Even if IE did support CSP, a policy might block the image from loading
> (no load event), or it might block your script from running at all, but
> there's nothing in CSP that would lead to your script reporting an
> incorrect image size.
>
>
Received on Friday, 24 January 2020 09:37:33 UTC

This archive was generated by hypermail 2.4.0 : Friday, 24 January 2020 09:37:34 UTC