Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Image previewer with FileSystemProvider fails security-policy #49278

Closed
ghost opened this issue May 5, 2018 · 4 comments
Closed

Image previewer with FileSystemProvider fails security-policy #49278

ghost opened this issue May 5, 2018 · 4 comments
Assignees
@mjbvz
Labels
bug Issue identified by VS Code Team member as probable bug verified Verification succeeded
Milestone
May 2018

Comments

@ghost
Copy link

ghost commented May 5, 2018
edited by ghost

  • VSCode Version: 1.23
  • OS Version: Win 8.1

Steps to Reproduce:

  1. Open image from a folder served by a filesystemprovider
  2. Check the dev log

It seems that the image previewer is set to disallow anything but data: and https:

Error:

internal/process/next_tick.js:109 Refused to load the image 'sftp://sync@server.net/var/www/favicon.ico' because it violates the following Content Security Policy directive: "img-src 'self' https: data:".

For easy reproduction I can confirm that the issue is present in the "official" MemFS extension as well.

Does this issue occur when all extensions are disabled?: Yes
@ghost ghost changed the title Media previewer with custom FileSystemProvider Image previewer with custom FileSystemProvider fails security-policy May 5, 2018
@ghost ghost changed the title Image previewer with custom FileSystemProvider fails security-policy Image previewer with FileSystemProvider fails security-policy May 5, 2018
@mjbvz mjbvz added the bug Issue identified by VS Code Team member as probable bug label May 7, 2018
@mjbvz mjbvz added this to the May 2018 milestone May 7, 2018
@mjbvz mjbvz closed this as completed in a5f35c0 May 7, 2018
@eamodio
Copy link
Contributor

eamodio commented May 8, 2018

@mjbvz I think it is this change, but all my resources using the new webview are all getting access denied now. How can I fix this?

@mjbvz
Copy link
Contributor

mjbvz commented May 8, 2018

Unlikely a5f35c0 caused it. Please open another issue if you are seeing problems

@jrieken jrieken added the verification-steps-needed Steps to verify are needed for verification label May 31, 2018
@mjbvz
Copy link
Contributor

mjbvz commented Jun 1, 2018

To verify:

  • In a non local folder
  • Open a image file

The image should now be displayed properly

@mjbvz mjbvz removed the verification-steps-needed Steps to verify are needed for verification label Jun 1, 2018
@chrmarti
Copy link
Contributor

chrmarti commented Jun 5, 2018

Verified with MemFS.

@chrmarti chrmarti added the verified Verification succeeded label Jun 5, 2018
@vscodebot vscodebot bot locked and limited conversation to collaborators Jun 21, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@mjbvz mjbvz

Labels
bug Issue identified by VS Code Team member as probable bug verified Verification succeeded
Projects
None yet
Milestone
May 2018
Development

No branches or pull requests
4 participants
@eamodio @jrieken @chrmarti @mjbvz