+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28)
+--- Forum: CodeIgniter 4 Support (https://forum.codeigniter.com/forumdisplay.php?fid=30)
+--- Thread: Missing favicon.ico is blocked by CSP? (/showthread.php?tid=77386)
Missing favicon.ico is blocked by CSP? - blaasvaer - 08-25-2020
How do I get rid of this error:
Code:
Content Security Policy: The page’s settings blocked the loading of a resource at [url=http://localhost/favicon.ico]http://localhost/favicon.ico[/url] (“default-src”).This is the browser defaulting to a favicon probably because I haven't set one specifically. But how do I get rid of this? I've tried looking into the CSP of CI4 but it makes no sense in this regard. The browser is asking for a 'default' (expected) favicon.ico which I don't want to provide ... how do I tell the browser to go f... itself (in a nice and polite way of course ; ) )?
Where do I whitelist stuff for this?
RE: Missing favicon.ico is blocked by CSP? - Chroma - 08-27-2020
Are you sure that this has anything to do with CI, that looks like it is being done by the browser?
For the loading of images etc, I have a rule in my .htaccess that allows for the direct downloading of icons and images.
RE: Missing favicon.ico is blocked by CSP? - blaasvaer - 08-27-2020
Correct, this is done by the browser by default. But 'the world' hasn't seemed to be able to come up with ONE single solution to this, but each developer has to figure out how to go about it themselves. It SHOULD have been dealt with in the browser, as in: the browser makes a request for a favicon.ico (lame defaulting if you ask me), it then gets a 404 error ... now, from here on the browser should simply ignore this. This is pure ising, and has nothing to do with things 'breaking' or not working properly and what not ... so, basically implemented with no thought going into it, really.
And this was initially 'invented' by Microsoft ... so, no wonder it's flawed like hell.
RE: Missing favicon.ico is blocked by CSP? - InsiteFX - 08-27-2020
CSP Evaluator
RE: Missing favicon.ico is blocked by CSP? - egranty - 11-23-2020
(08-25-2020, 03:52 AM)blaasvaer Wrote: How do I get rid of this error:
Code:Content Security Policy: The page’s settings blocked the loading of a resource at [url=http://localhost/favicon.ico]http://localhost/favicon.ico[/url] (“default-src”).
Where do I whitelist stuff for this?
Edit the file /app/Config/ContentSecurityPolicy.php and change img-src directive setup to:
PHP Code:
public $imageSrc = 'self' localhost;
As you work in Dev - localhost will be used as 'self' and Content Security Policy will not block favicon. But if yo do not have /favicon.ico in the root - you'll have 404 Not found in server logs.
(08-27-2020, 05:16 AM)blaasvaer Wrote: And this was initially 'invented' by Microsoft ... so, no wonder it's flawed like hell.Apple do the same - it auto try to found in the server a lot favicons of different sizes. Therefore you have a lot of 404 in logs for: apple-touch-icon-57x57.png, apple-touch-icon-120x120.png etc if you have visitors with iOS/MacOS
RE: Missing favicon.ico is blocked by CSP? - InsiteFX - 11-23-2020
icons should be in the same place as index.php