: Defer img loading / CSP: allow embeded img My website is defering some img loading by setting the img src value by JavaScript (from the img data-src value). In order to have still valid HTML

Posted in: #ContentSecurityPolicy #Html #Http

My website is defering some img loading by setting the img src value by JavaScript (from the img data-src value). In order to have still valid HTML as long as the URL is not set to img src, I am setting src to an inline embeded img like this:

<img src="data:image/png;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs="
data-src="URL-TO-REAL-IMAGE.png">

This works fine, but shows an error at the browser console (Firefox, Chrome):

Refused to load the image
'data:image/png;base64,R0lGODlhAQABAAD/ACwAAAAAAQABAAACADs=' because
it violates the following Content Security Policy directive:
"default-src 'self' * 'unsafe-inline'". Note that 'img-src' was not
explicitly set, so 'default-src' is used as a fallback.

Shouldn't 'unsafe-inline' allow exactly this? I'm confused.

10.01% popularity Vote Up Vote Down

: Why does my site show up for keyword that is not even on my site? I have a problem to disassociate a website form unwanted keyword. I don't want my page to be on the SERP for that specific

@Courtney195

Posted in: #Keywords #Seo #Serps

1 Comments

: Session drop to -77% in Chrome browser I have used GTM and GA to implement analytics for one of my client. Last week all of a sudden there is a session drop to -77% in chrome browser. This

@Courtney195

Posted in: #GoogleAnalytics #GoogleChrome #GoogleTagManager #PageViews #Session

0 Comments

: Google position volatility (Webmaster Tools) ok guys, so i guess this question might also be abouth Google math. so my webpage is new (redesigned) and my SEO is quite better than the one i

@Courtney195

Posted in: #GoogleSearch #GoogleSearchConsole #Seo #SeoAudit

1 Comments

: Google search results go to 404 after migrating domain I used to have 2 hosting accounts on GoDaddy, but I recently combined everything into one. Which meant that I transferred my domain and

@Courtney195

Posted in: #Dns #Godaddy #GoogleSearch #GoogleSearchConsole

1 Comments

Login to post a comment!

1 Comments

Sorted by latest first Latest Oldest Best

@Megan663

According to content-security-policy.com/ you need to use the CSP

img-src 'self' data:

Allows loading resources via the data scheme (eg Base64 encoded images).

unsafe-inline appears to be only relevant for javascript sources, not image sources.

10% popularity Vote Up Vote Down

Feed

: Defer img loading / CSP: allow embeded img My website is defering some img loading by setting the img src value by JavaScript (from the img data-src value). In order to have still valid HTML

More posts by @Courtney195

: Why does my site show up for keyword that is not even on my site? I have a problem to disassociate a website form unwanted keyword. I don't want my page to be on the SERP for that specific

: Session drop to -77% in Chrome browser I have used GTM and GA to implement analytics for one of my client. Last week all of a sudden there is a session drop to -77% in chrome browser. This

: Google position volatility (Webmaster Tools) ok guys, so i guess this question might also be abouth Google math. so my webpage is new (redesigned) and my SEO is quite better than the one i

: Google search results go to 404 after migrating domain I used to have 2 hosting accounts on GoDaddy, but I recently combined everything into one. Which meant that I transferred my domain and

Login to post a comment!

1 Comments

Back to top | Use Dark Theme