Video loading spinner broken by CSP |
||||
Issue descriptionChrome Version: 70.0.3536.0 (Developer Build) (64-bit) OS: Mac OS X What steps will reproduce the problem? (1) Open attached HTML file What is the expected result? A HTML video is displayed. While the video is loaded, spinner is displayed over the "play" button. What happens instead? An HTML video is displayed. While the video is loaded, spinner is not displayed over the "play" button. Additionally, console log contains the following messages: Refused to load the image 'data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDE5LjIuMSwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IgoJIHZpZXdCb3g9IjAgMCAxOTYgMTk2IiBzdHlsZT0iZW5hYmxlLWJhY2tncm91bmQ6bmV3IDAgMCAxOTYgMTk2OyIgeG1sOnNwYWNlPSJwcmVzZXJ2ZSI+CjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik0xNDcsOThjMCwxOS42LTExLjUsMzYuNS0yOC4yLDQ0LjRsMCwwYy0wLjEsMC0wLjIsMC4xLTAuMywwLjEKCWMwLjEsMCwwLjItMC4xLDAuMy0wLjFsLTEuNy0zLjZDMTMyLjQsMTMxLjYsMTQzLDExNiwxNDMsOThjMC0yNC45LTIwLjEtNDUtNDUtNDV2LTRDMTI1LjEsNDksMTQ3LDcwLjksMTQ3LDk4eiIvPgo8L3N2Zz4K' because it violates the following Content Security Policy directive: "default-src https://www.w3schools.com". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback. Refused to load the image 'data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPCEtLSBHZW5lcmF0b3I6IEFkb2JlIElsbHVzdHJhdG9yIDE5LjIuMSwgU1ZHIEV4cG9ydCBQbHVnLUluIC4gU1ZHIFZlcnNpb246IDYuMDAgQnVpbGQgMCkgIC0tPgo8c3ZnIHZlcnNpb249IjEuMSIgaWQ9IkxheWVyXzEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiIHg9IjBweCIgeT0iMHB4IgoJIHZpZXdCb3g9IjAgMCAxOTYgMTk2IiBzdHlsZT0iZW5hYmxlLWJhY2tncm91bmQ6bmV3IDAgMCAxOTYgMTk2OyIgeG1sOnNwYWNlPSJwcmVzZXJ2ZSI+CjxwYXRoIGNsYXNzPSJzdDAiIGQ9Ik05OCw0OXY0Yy0yNC45LDAtNDUsMjAuMS00NSw0NQoJYzAsMTgsMTAuNiwzMy42LDI1LjksNDAuOGwtMS43LDMuNmMwLjEsMCwwLjIsMC4xLDAuMywwLjFjLTAuMSwwLTAuMi0wLjEtMC4zLTAuMWwwLDBDNjAuNSwxMzQuNSw0OSwxMTcuNiw0OSw5OAoJQzQ5LDcwLjksNzAuOSw0OSw5OCw0OXoiLz4KPC9zdmc+Cg==' because it violates the following Content Security Policy directive: "default-src https://www.w3schools.com". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback. The problem is that the document uses CSP that forbids data urls, so spinner image URLs can not be loaded: <meta http-equiv="Content-Security-Policy" content="default-src https://www.w3schools.com;"> This problem is similar to https://bugs.chromium.org/p/chromium/issues/detail?id=777848, in https://chromium-review.googlesource.com/741586, this was fixed for -webkit-image-set but here this is just a plain image: https://cs.chromium.org/chromium/src/ui/file_manager/video_player/css/video_player.css?l=56 Apparently, a similar fix is needed for CSSImageValue.
,
Aug 29
,
Aug 29
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/97ca57e38276d1c6e5590f9ce36e455fd3410673 commit 97ca57e38276d1c6e5590f9ce36e455fd3410673 Author: Tommy Steimel <steimel@chromium.org> Date: Wed Aug 29 20:19:00 2018 [Media Controls] Define loading mask background in UA sheet This CL changes the loading panel mask backgrounds to have their images defined in the main UA CSS instead of the inserted stylesheet. This fixes an issue where the loading spinner was broken by content security policy. Bug: 878415 Change-Id: Iaa78fbe810fe900d3abe39d03302250b7b9fade7 Reviewed-on: https://chromium-review.googlesource.com/1195719 Reviewed-by: Becca Hughes <beccahughes@chromium.org> Commit-Queue: Tommy Steimel <steimel@chromium.org> Cr-Commit-Position: refs/heads/master@{#587270} [modify] https://crrev.com/97ca57e38276d1c6e5590f9ce36e455fd3410673/third_party/blink/renderer/modules/media_controls/elements/media_control_loading_panel_element.cc [modify] https://crrev.com/97ca57e38276d1c6e5590f9ce36e455fd3410673/third_party/blink/renderer/modules/media_controls/resources/modernMediaControls.css [modify] https://crrev.com/97ca57e38276d1c6e5590f9ce36e455fd3410673/third_party/blink/renderer/modules/media_controls/resources/modernMediaControls_loading.css
,
Aug 29
,
Aug 30
Verified the fix on Mac 10.13.1 using Chrome version #70.0.3537.0 as per the comment #0. Attaching screen cast for reference. Observed the loading spinner and no errors are seen in console. Hence, the fix is working as expected. Adding the verified labels. Note: Able to reproduce the issue on chrome version with out fix. Thanks...!! |
||||
►
Sign in to add a comment |
||||
Comment 1 by steimel@chromium.org
, Aug 28Status: Assigned (was: Untriaged)