On Sat, 04 Jan 2020 at 13:43:46 +0100, William Gathoye (LibreOffice) wrote:
> An incident happened between yesterday evening and today (now).
The CSP was last changed on Thu Jan 2 round 03:30 UTC, so — assuming the
images resources didn't magically moved to .wp.com — the regression is
actually older.
> For a reason I don't know all web browsers are now unable to load these
> images, while the WordPress CDN still can be reached and images can be
> directly reached.
The web console gives the reason:
Content Security Policy: The page’s settings blocked the loading of a
resource at
https://i0.wp.com/blog.documentfoundation.org/wp-content/uploads/2018/02/lo60introcubes300.gif?w=960&ssl=1
(“img-src”).
Ooops. Extended it to https://*.wp.com for now. The better fix would
be to host these ourselves and tighten the CSP, of course. That's also
true for Google fonts, WordPress fonts/script/styles etc.
--
Guilhem.
--
To unsubscribe e-mail to: website+unsubscr...@global.libreoffice.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/website/
Privacy Policy: https://www.documentfoundation.org/privacy
