-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sharing a flickr link does not work well #7255
Comments
The CSP warning is unrelated. Also, this works fine for me on a current release with the embedded CSP enabled. Please share further information, for example if you have other "privacy enhancing" extensions installed or what pod you are on. Until then, this is invalid and worksforme, closing as such. |
The problem happened again today, after posting a flickr link. |
Okay, it seems to be just the "ajax-loader .gif" which is partly visible in the stream. ..behind the flickr content. |
I can reproduce that on the last |
When I share a short link from flickr ( https://flic.kr/p/MrGHfG ) on diaspora ( Code 0.6.1.0-pfc6e9168 ), I see a small preview image and a spinner image which does not finish.
I use chromium on linux with the uMatrix extension, but all relevant sources should be allowed.
It looks as if something failes to load.
The developer tools show this message:
widgets.js?_=1482065508609:9 The Content Security Policy 'default-src 'none'; child-src 'self' www.youtube.com w.soundcloud.com twitter.com platform.twitter.com syndication.twitter.com player.vimeo.com www.mixcloud.com www.dailymotion.com media.ccc.de bandcamp.com www.instagram.com; connect-src 'self' embedr.flickr.com geo.query.yahoo.com nominatim.openstreetmap.org api.github.com; font-src 'self'; form-action 'self' platform.twitter.com syndication.twitter.com www.paypal.com; frame-ancestors 'self'; img-src data: *; media-src https: data:; script-src 'self' 'unsafe-eval' platform.twitter.com cdn.syndication.twimg.com widgets.flickr.com embedr.flickr.com platform.instagram.com 'unsafe-inline' 'nonce-bScZH4uh23P/yyBnr3O3eeSQHTdAz3HA3Zb2sa6Vces='; style-src 'self' 'unsafe-inline' platform.twitter.com *.twimg.com' was delivered in report-only mode, but does not specify a 'report-uri'; the policy will have no effect. Please either add a 'report-uri' directive, or deliver the policy via the 'Content-Security-Policy' header. t @ widgets.js?_=1482065508609:9
I don't know if this is a diaspora issue or something else.
The text was updated successfully, but these errors were encountered: