Description
When a mail contains an attachment that can be displayed, the CSP Policy blocks the attempt to load the blob.
Steps to Reproduce
- Go to a mail with an attachment
- Try to display attachment
- Get a browser error / console error (Framing 'blob:https://bulwark./2f8...' violates the following Content Security Policy directive: "frame-src 'none'". The request has been blocked.)
Expected Behavior
The attachment should display
Actual Behavior
The browser blocks the frame containing the blob with attachment
Bulwark Version
1.4.14
Stalwart Mail Server Version
No response
Browser
Chrome / Chromium
Operating System
Linux
Screenshots / Screen Recording
No response
Relevant Logs or Error Output
Additional Context
It seems like the problem is the proxy.ts setting frame-src to none:
Description
When a mail contains an attachment that can be displayed, the CSP Policy blocks the attempt to load the blob.
Steps to Reproduce
Expected Behavior
The attachment should display
Actual Behavior
The browser blocks the frame containing the blob with attachment
Bulwark Version
1.4.14
Stalwart Mail Server Version
No response
Browser
Chrome / Chromium
Operating System
Linux
Screenshots / Screen Recording
No response
Relevant Logs or Error Output
Additional Context
It seems like the problem is the proxy.ts setting frame-src to none:
webmail/proxy.ts
Line 26 in 1689315