Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums CodeIgniter 4 CodeIgniter 4 Support Missing favicon.ico is blocked by CSP?
Missing favicon.ico is blocked by CSP?
  • Offline blaasvaer
    Member
  • ***
  • Posts: 89
    Threads: 44
    Joined: Feb 2016
    Reputation: 0
#1
08-25-2020, 03:52 AM
(This post was last modified: 08-25-2020, 04:06 AM by blaasvaer.)

How do I get rid of this error:
Code:
Content Security Policy: The page’s settings blocked the loading of a resource at [url=http://localhost/favicon.ico]http://localhost/favicon.ico[/url] (“default-src”).

This is the browser defaulting to a favicon probably because I haven't set one specifically. But how do I get rid of this? I've tried looking into the CSP of CI4 but it makes no sense in this regard. The browser is asking for a 'default' (expected) favicon.ico which I don't want to provide ... how do I tell the browser to go f... itself (in a nice and polite way of course ;  ) )?

Where do I whitelist stuff for this?
Reply
  • Offline Chroma
    Member
  • ***
  • Posts: 116
    Threads: 7
    Joined: Nov 2014
    Reputation: 1
#2
08-27-2020, 04:55 AM

Are you sure that this has anything to do with CI, that looks like it is being done by the browser?

For the loading of images etc, I have a rule in my .htaccess that allows for the direct downloading of icons and images.
Reply
  • Offline blaasvaer
    Member
  • ***
  • Posts: 89
    Threads: 44
    Joined: Feb 2016
    Reputation: 0
#3
08-27-2020, 05:16 AM
(This post was last modified: 08-27-2020, 05:25 AM by blaasvaer.)

Correct, this is done by the browser by default. But 'the world' hasn't seemed to be able to come up with ONE single solution to this, but each developer has to figure out how to go about it themselves. It SHOULD have been dealt with in the browser, as in: the browser makes a request for a favicon.ico (lame defaulting if you ask me), it then gets a 404 error ... now, from here on the browser should simply ignore this. This is pure ising, and has nothing to do with things 'breaking' or not working properly and what not ... so, basically implemented with no thought going into it, really.

And this was initially 'invented' by Microsoft ... so, no wonder it's flawed like hell.
Reply
  • Offline InsiteFX
    Super Moderator
  • ******
  • Posts: 6,326
    Threads: 290
    Joined: Oct 2014
    Reputation: 234
#4
08-27-2020, 05:31 AM

CSP Evaluator
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
  • Offline egranty
    Newbie
  • *
  • Posts: 5
    Threads: 0
    Joined: Nov 2020
    Reputation: 0
#5
11-23-2020, 10:16 AM
(This post was last modified: 11-23-2020, 10:17 AM by egranty.)

(08-25-2020, 03:52 AM)blaasvaer Wrote: How do I get rid of this error:
Code:
Content Security Policy: The page’s settings blocked the loading of a resource at [url=http://localhost/favicon.ico]http://localhost/favicon.ico[/url] (“default-src”).

Where do I whitelist stuff for this?

Edit the file /app/Config/ContentSecurityPolicy.php and change img-src directive setup to:
PHP Code:
public $imageSrc 'self' localhost

As you work in Dev - localhost will be used as 'self' and Content Security Policy will not block favicon. But if yo do not have /favicon.ico in the root - you'll have 404 Not found in server logs.

(08-27-2020, 05:16 AM)blaasvaer Wrote: And this was initially 'invented' by Microsoft ... so, no wonder it's flawed like hell.
Apple do the same - it auto try to found in the server a lot favicons of different sizes. Therefore you have a lot of 404 in logs for: apple-touch-icon-57x57.png, apple-touch-icon-120x120.png etc if you have visitors with iOS/MacOS
Reply
  • Offline InsiteFX
    Super Moderator
  • ******
  • Posts: 6,326
    Threads: 290
    Joined: Oct 2014
    Reputation: 234
#6
11-23-2020, 01:07 PM

icons should be in the same place as index.php
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply




Theme © iAndrew 2016 - Forum software by © MyBB