Step 1: Please describe your environment
- ZeroNet version: 0.7.0 (4188)
- Operating system: Linux
- Web browser: Firefox 68.0
- Tor status: enabled
- Opened port: yes
- Special configuration: none
Step 2: Describe the problem:
ZeroNet includes the following Content-Security-Policy HTTP header:
Content-Security-Policy: default-src 'none'; script-src 'nonce-xxxxxx'; img-src 'self'; style-src 'self' 'unsafe-inline'; connect-src *; frame-src 'self'
'self' value allows blob: scheme to be used on Chrome but not on Firefox.
I'd like to ask adding blob: scheme where 'self' is currently used.
Steps to reproduce:
- Open http://127.0.0.1:43110/1MVyVRFfQ8nSR3dMxisz1pZBwrd8jJRezy/ (TiddlyWiki)
- Press drop-down menu on the tiddler → export tiddler → CSV
Observed Results:
The tiddler export functionality, which uses blob: scheme, succeeds on Chrome but not on Firefox.
Expected Results:
blob: scheme could be used on both Chrome and Firefox.
Step 1: Please describe your environment
Step 2: Describe the problem:
ZeroNet includes the following
Content-Security-PolicyHTTP header:Content-Security-Policy: default-src 'none'; script-src 'nonce-xxxxxx'; img-src 'self'; style-src 'self' 'unsafe-inline'; connect-src *; frame-src 'self''self'value allowsblob:scheme to be used on Chrome but not on Firefox.I'd like to ask adding
blob:scheme where'self'is currently used.Steps to reproduce:
Observed Results:
The tiddler export functionality, which uses
blob:scheme, succeeds on Chrome but not on Firefox.Expected Results:
blob:scheme could be used on both Chrome and Firefox.