how do I implement content security policy in safari extension

Question

I am getting following error Refused to load https://plus.google.com/_/favicon?domain_url=https://idmsa.apple.com/appleauth/auth/signin?widgetKey=83545bf919730e51dbfba24e7e8a78d2&locale=en_US&font=sf&iframeId=24f64667-08f1-4ffb-ac10-4bda573c8ed7 because it does not appear in the img-src directive of the Content Security Policy.

Invalid 'X-Frame-Options' header encountered when loading 'https://idmsa.apple.com/appleauth/auth/signin?widgetKey=83545bf919730e51dbfba24e7e8a78d2&locale=en_US&font=sf&iframeId=24f64667-08f1-4ffb-ac10-4bda573c8ed7': 'ALLOW-FROM https://www.icloud.com' is not a recognized directive. The header will be ignored.

The X-Frame-Options error is not relevant to the question. Are you trying to ask two different questions? — Stephen R, Aug 15 '18 at 13:49

score 0 · Answer 1 · answered Aug 15 '18 at 13:46

0

Try putting a local copy of the image in your extension, rather than hot-linking a remote image. It appears Safari’s CSP rules for extensions doesn’t allow remote images the way you’re using them

answered Aug 15 '18 at 13:46

Stephen R

3,512
1
28
45

how do I implement content security policy in safari extension

1 Answers1