Skip to content

[Bug]: CSP Error when trying to display an attachment #209

@mascali33

Description

@mascali33

Description

When a mail contains an attachment that can be displayed, the CSP Policy blocks the attempt to load the blob.

Steps to Reproduce

  1. Go to a mail with an attachment
  2. Try to display attachment
  3. Get a browser error / console error (Framing 'blob:https://bulwark./2f8...' violates the following Content Security Policy directive: "frame-src 'none'". The request has been blocked.)

Expected Behavior

The attachment should display

Actual Behavior

The browser blocks the frame containing the blob with attachment

Bulwark Version

1.4.14

Stalwart Mail Server Version

No response

Browser

Chrome / Chromium

Operating System

Linux

Screenshots / Screen Recording

No response

Relevant Logs or Error Output

Additional Context

It seems like the problem is the proxy.ts setting frame-src to none:

`frame-src 'none'`,

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions