smilies problem

[Tealk]

Hallo,

I have the following display errors with smilies

 

[Chris D]

Unfortunately, this is highly unlikely to be a bug.

In fact, it looks like a server issue. I had a look on your site in the browser console on the smilies help page:

Refused to load the image 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7' because it violates the following Content Security Policy directive: "default-src * 'self' 'unsafe-inline' 'unsafe-eval' ". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

The URL it's failing to load there is down to your CSP settings on the server. The URL is a transparent placeholder image which we use for sprites. We do it this way as it saves us having to provide a transparent image or generate one in other ways, and it avoids unnecessary web server requests and potentially base URL issues. So it's a slightly different approach to XF1 but there's good reasons for it.

I think that should sort it out. It loos like the smilie sprites are all messed up as a result of this, but it's because the text (which is usually hidden when the transparent image loads) is extending the width of the sprite and messing up its coordinates.

 

[Bryan]

This can be fixed by adding this to your CSP header:

img-src data:

 

[Tealk]

I had to insert this:

img-src 'self' 'unsafe-inline' 'unsafe-eval' data: ;

thanks for your help

Too bad that the "Content-Security-Policy" caused so much damage to XenForo