On Sat, 04 Jan 2020 at 13:43:46 +0100, William Gathoye (LibreOffice) wrote: > An incident happened between yesterday evening and today (now).
The CSP was last changed on Thu Jan 2 round 03:30 UTC, so — assuming the images resources didn't magically moved to .wp.com — the regression is actually older. > For a reason I don't know all web browsers are now unable to load these > images, while the WordPress CDN still can be reached and images can be > directly reached. The web console gives the reason: Content Security Policy: The page’s settings blocked the loading of a resource at https://i0.wp.com/blog.documentfoundation.org/wp-content/uploads/2018/02/lo60introcubes300.gif?w=960&ssl=1 (“img-src”). Ooops. Extended it to https://*.wp.com for now. The better fix would be to host these ourselves and tighten the CSP, of course. That's also true for Google fonts, WordPress fonts/script/styles etc. -- Guilhem. -- To unsubscribe e-mail to: website+unsubscr...@global.libreoffice.org Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette List archive: https://listarchives.libreoffice.org/global/website/ Privacy Policy: https://www.documentfoundation.org/privacy