#1
|
|||
|
|||
CSP for this site is pretty ridiculous
Blocking data-images? Really? What does this accomplish besides being annoying? I use custom scrollbars and it took me a minute to figure out why my scrollbars have no arrows here. Talk about overkill.
|
#2
|
||||
|
||||
What exactly is the problem?
__________________
raztoki @ jDownloader reporter/developer http://svn.jdownloader.org/users/170 Don't fight the system, use it to your advantage. :] |
#3
|
|||
|
|||
Content Security Policy of this site. It's not crazy abnormal for sites to block images hosted on other domains for security purposes (although it's usually sites like Github, not forums). jdownloader.org however, has a modified CSP which blocks data-images (like arrows in custom scrollbars). There is no security benefit to blocking data-images, it's just annoying. This is the only site I've ever seen do it, because it's a ridiculous thing to do.
|
#4
|
||||
|
||||
Guess need to wait for Jiaz to respond about that, as I really only help run the forum not the setup security side.
In the scheme of things its not the end of the world.
__________________
raztoki @ jDownloader reporter/developer http://svn.jdownloader.org/users/170 Don't fight the system, use it to your advantage. :] |
#5
|
||||
|
||||
Can you please tell me what browser/extension you use to customize scrollbars. Then I will look into it and modify csp to make it work again.
__________________
JD-Dev & Server-Admin |
#6
|
|||
|
|||
https://chrome.google.com/webstore/d...kjfobafhncgmne
**External links are only visible to Support Staff****External links are only visible to Support Staff** Sorry for the delay, I didn't get a notification. I just don't get how blocking data-images improves security. He's right, in the scheme of things it's not the end of the world, but it seems unnecessary. |
#7
|
|||
|
|||
External links are only visible to supporters. Also genius. Presumably you can see it.
|
#8
|
||||
|
||||
I will check/update CSP as soon as I find time for it
Links are whitelisted. Non whitelisted links are only visible to support staff members
__________________
JD-Dev & Server-Admin |
#9
|
||||
|
||||
Should be working now
__________________
JD-Dev & Server-Admin |
#10
|
|||
|
|||
Yup. Much better!
|
#11
|
||||
|
||||
Thanks for the feedback! sorry for the inconvenience
__________________
JD-Dev & Server-Admin |
Thread Tools | |
Display Modes | |
|
|