CSP issue with automatic translate
Reported by marco.da...@gmail.com, Oct 20 2017
Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

Steps to reproduce the problem:
1. Go to https://pl.internet.nl/domain/example.nl/106611/
2. The page is auto-translated from Polish to -in my case- Dutch
3. The console shows CSP errors such as: Refused to load the image 'https://www.gstatic.com/images/branding/product/2x/translate_24dp.png' because it violates the following Content Security Policy directive: "img-src 'self' *.internet.nl data:".

What is the expected behavior?
No CSP errors. CSP-settings should not affect the translate-feature of Chrome, in my mind. This is confusing to the website-owner that sets the Content-Security-Policy header.

What went wrong?
Unexpected CSP errors with regard to the translation-functionality of Chrome.

Did this work before? N/A

Chrome version: 61.0.3163.100 Channel: stable
OS Version: OS X 10.12.6
Flash Version:

CSP errors do not seem to affect the translation, but they still come unexpectedly.
,
Oct 23 2017
,
Oct 23 2017
Able to reproduce this issue on Mac 10.12.6, Win-10 and Ubuntu 14.04 using Chrome stable version #62.0.3202.62 and latest canary #64.0.3247.0. This is a non-regression issue as it is observed from M50 old builds.

Note: The page did not auto-translate from Polish to English; rather, it got translated on pressing the "translate" button. Attached a screen cast for reference.

Hence, marking it as untriaged to get more inputs from dev team. Thanks...!!
,
Oct 24 2017
This is likely a more general issue with scripts running in isolated worlds. I thought we'd done some work to allow direct requests such as those generated by `<img>` tags to bypass the main world's CSP, but I can imagine that Translate is doing something we're not correctly handling. +Andy.
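Added example (not part of the original report and not Chromium's code): a simplified JavaScript model of CSP source-list matching, run against the policy and image URL quoted in the report, showing why the Translate icon request is refused when the page's own policy is applied to it. It assumes only `'self'`, scheme-sources and host-sources need modelling; all function names are hypothetical.

```javascript
// Simplified CSP source-list matching. Assumption: only 'self', scheme-sources
// (e.g. data:) and host-sources with an optional leading "*." are modelled;
// schemes on host-sources, ports, paths, nonces and hashes are out of scope.
function parseDirective(policy, name) {
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === name) return tokens.slice(1);
  }
  return null; // directive absent (a real browser would fall back to default-src)
}

function sourceMatches(source, url, pageOrigin) {
  const src = source.toLowerCase();
  if (src === "'self'") return url.origin === pageOrigin;
  // Scheme-source such as "data:" or "https:".
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return url.protocol === src;
  if (src.startsWith("'")) return false; // other keywords are not modelled
  const host = url.hostname.toLowerCase();
  // "*.internet.nl" matches subdomains only, never the bare domain.
  if (src.startsWith("*.")) return host.endsWith(src.slice(1));
  return host === src;
}

function isAllowed(policy, directive, resource, pageUrl) {
  const sources = parseDirective(policy, directive);
  if (sources === null) return true; // nothing to enforce in this model
  const url = new URL(resource);
  const pageOrigin = new URL(pageUrl).origin;
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}

// Policy, page and blocked image are the values quoted in the report.
const POLICY = "img-src 'self' *.internet.nl data:";
const PAGE = "https://pl.internet.nl/domain/example.nl/106611/";
const TRANSLATE_ICON =
  "https://www.gstatic.com/images/branding/product/2x/translate_24dp.png";

console.log("translate icon allowed:",
  isAllowed(POLICY, "img-src", TRANSLATE_ICON, PAGE));
```

The gstatic.com host matches none of the three source expressions, so a request evaluated against the main world's policy is blocked regardless of which script created the `<img>`.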
,
Nov 10 2017
,
Jan 18 2018
Comment 1 by shrike@chromium.org, Oct 20 2017