Skip to content

Fix CSP to allow data: URIs for image upload#143

Open
M3shour wants to merge 1 commit intolinkwarden:mainfrom
M3shour:fix/csp-data-uri-image-upload
Open

Fix CSP to allow data: URIs for image upload#143
M3shour wants to merge 1 commit intolinkwarden:mainfrom
M3shour:fix/csp-data-uri-image-upload

Conversation

@M3shour
Copy link
Copy Markdown

@M3shour M3shour commented Apr 10, 2026
edited
Loading

Summary

  • The "Upload image from browser" feature converts selected images to base64 data: URIs, then fetches them to create a blob for upload
  • The current CSP connect-src directive ('self' http: https:) blocks data: scheme fetches, causing a NetworkError when attempting to fetch resource
  • Adding data: to connect-src resolves this

Closes linkwarden/linkwarden#1613
Related linkwarden/linkwarden#1629

Fix

One-line change in manifest.json: add data: to the connect-src CSP directive.

@M3shour
Fix CSP to allow data: URIs for image upload
11f297f 
The "Upload image from browser" feature converts images to base64 data
URIs, but the Content-Security-Policy connect-src directive blocks
data: scheme fetches, causing a NetworkError. Adding data: to
connect-src resolves this.
@inzar98
Copy link
Copy Markdown

inzar98 commented Apr 12, 2026

confirmed fix, works on Firefox/Zen Browser

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Browser Extension] CSP blocks "Upload image from browser" option on Firefox (connect-src data:)

2 participants

@M3shour @inzar98