Content Security Policy and input type file

Asked 8 years, 2 months ago

Viewed 891 times

I have an <input type="file"> to upload an image file.

The project I work on have CSP settings and what I'm currently getting is this:

Refused to load the image 'c:\fakepath\avatar.jpg' because it violates the following Content Security Policy directive: "img-src * 'self' data: localhost:7331".

How to allow for this kind of upload?
Why is is it sayind fakepath where there is actually a path for this file named differently?

edited Sep 26, 2017 at 22:05

sideshowbarker

89.2k30 gold badges219 silver badges216 bronze badges

asked Sep 26, 2017 at 17:34

mdmb

5,3319 gold badges52 silver badges99 bronze badges

As far as the reason for the fakepath part, see html.spec.whatwg.org/multipage/input.html#fakepath-orly and html.spec.whatwg.org/multipage/input.html#fakepath-srsly

sideshowbarker
– sideshowbarker

2017-09-26 22:13:31 +00:00
Commented Sep 26, 2017 at 22:13
1

You probably want to edit/update your question to show the relevant part of HTML markup for the document and the JavaScript code you’re trying to us to manipulate that file once it’s uploaded. In the mean time though, you might want to see stackoverflow.com/questions/18254118/… and stackoverflow.com/questions/6365858/…

sideshowbarker
– sideshowbarker

2017-09-26 22:14:41 +00:00
Commented Sep 26, 2017 at 22:14

Add a comment |

0

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.

Collectives™ on Stack Overflow

Content Security Policy and input type file

0

Linked

Hot Network Questions

Collectives™ on Stack Overflow

0

Know someone who can answer? Share a link to this question via email, Twitter, or Facebook.

Linked