question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Image/File uploads being blocked due to CSP

See original GitHub issue

Aknowledgements

  • I have checked that there’s no other issue describing the same or similar problem that I currently have, regardless if it has been closed or open.

  • I can confirm that this is not an issue with the Discord website, but it is a problem specific to the WebCord itself. I have tested if this bug occurs on Chromium/Chrome or any other Chromium-based browser that uses unpatched/upstream Chromium engine.

  • I have tried running the build from the master branch and it does not have any fixes implemented according to my issue.

  • My issue describes one of the unstable and/or not fully implemented features.

  • I have found a workaround to mitigate or temporarily fix this issue in affected releases (please write it in Additional context section below).

Operating System / Platform

🐧️ Linux

Operating system architecture

x64 (64-bit Intel/AMD)

Electron version

v19.0.5

Application version

v3.5.0(devel)

Bug description

Attempting to simply upload a file(for eg a screenshot) leads to an “Upload failed” popup. Upon checking in Chrome Devtools, there is a CSP error

af1ab6639961ea88c5c7.js:128 Refused to connect to 'https://discord-attachments-uploads-prd.storage.googleapis.com/XXXX-XXXX-XXXX-XXXX-XXXX/unknown.png?upload_id=XXXX-XXXX' because it violates the following Content Security Policy directive: "connect-src 'self' https://status.discordapp.com https://status.discord.com https://discordapp.com https://discord.com https://cdn.discordapp.com https://media.discordapp.net https://router.discordapp.net wss://*.discord.gg https://best.discord.media https://latency.discord.media wss://*.discord.media wss://dealer.spotify.com https://api.spotify.com https://*.hcaptcha.com https://hcaptcha.com https://*.googlevideo.com https://api.twitter.com/1.1/guest/activate.json https://api.twitter.com/1.1/videos/tweet/config/ https://video.twimg.com/ext_tw_video/ https://api.twitch.tv/v5/channels/ https://gql.twitch.tv/gql https://spade.twitch.tv/track https://static.twitchcdn.net/assets/ https://usher.ttvnw.net/api/channel/hls/ https://*.hls.ttvnw.net/v1/playlist/ https://*.hls.ttvnw.net/v1/segment/ https://fresnel.vimeocdn.com/add/ https://24vod-adaptive.akamaized.net/ https://*.algolianet.com https://*.algolia.net https://v.redd.it".

Additional context

image image

Issue Analytics

  • State:closed
  • Created a year ago
  • Comments:12 (6 by maintainers)

github_iconTop GitHub Comments

1reaction
SpacingBat3commented, Jul 18, 2022

And how can i do that, please?

File > Settings > Advanced > Content Security Policy > Uncheck “Use built-in Content Security Policy”

1reaction
SpacingBat3commented, Jul 18, 2022

Okay so, what’s the plan ?

Oh, I’ll just probably add a CSP entry for Google, right now you can disable WebCord’s CSP if you need to upload files and in the next update it should be fixed… I forgot about this, so it won’t make it to 3.5.1.

Read more comments on GitHub >

github_iconTop Results From Across the Web

blocked:csp Understanding why CSP blocks resources
You may be seeing blocked:csp in Chrome developer tools when the browser is trying to load a resource. It might show up in...
Read more >
[CLOUD] Content-Security Policy blocks uploading ... - GitHub
However, it seems that the image is still being uploaded correctly, because the logo then appears on the left top corner after upload...
Read more >
Content Security Policy and input type file - Stack Overflow
I have an <input type="file"> to upload an image file. The project I work on have CSP settings and what I'm currently getting...
Read more >
Manage your Content Security Policy - Higher Logic
In the Blocking section, check the Block requests in violation of the CSP box to enable CSP. In the Report URL section, (optionally)...
Read more >
Cisco Firepower 4100/9300 FXOS CLI Configuration Guide ...
The software download page for the Firepower 4100/9300 chassis is opened in the browser. ... Fully qualified name of the FXOS image file...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found