Content Security policy directive :"img-src 'self' data:" issue while loading image from url in angular 8 , nodejs as server

Question

I tried different ways even using this url : StackOverflow CSP Image issue

But still facing the issue:

Refused to load the image '<URL>' because it violets the following Content Security Policy directive : image-src 'self' data:.

My URL looks like this:

https://abcstotrage.blob.core.windows.net/contnr/folderimg/img/2/2019_45_566_x.bmp?x=2019-12-14&sr=tyu

And I am using below metaTag:

<meta http-equiv="Content-Security-Policy" content="default-src * 'self' 'unsafe-inline' 'unsafe-eval' data: gap: content:; 
img-src https://* 'self' data: mediastream: blob: filesystem; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; 
style-src  'self' 'unsafe-inline' *">

Check if you also have a CSP response header that serves the directive you see in the error message. — Halvor Sakshaug, Dec 09 '20 at 19:01
@Halvor Sakshuag I am using nodejs as a server and it fetches the data from azure blob ,so do i need to add csp header in nodejs as well — Daksh Dutta, Dec 09 '20 at 19:42
Halvor Sakshaug meant that you have 2 different CSPs at the same time; one via HTTP header and second - via meta tag. Because we observe `image-src 'self' data:` in the error message but `mg-src https://* 'self' data: mediastream: blob: filesystem` in meta. — granty, Dec 10 '20 at 04:41

Content Security policy directive :"img-src 'self' data:" issue while loading image from url in angular 8 , nodejs as server

0 Answers0