CSP frame-src 'self' blocks external SVGs

Issue #8690562 • Assigned to wwatri

Details

Author
Shaun W.
Created
Aug 29, 2016
Privacy
This issue is public.
Found in
  • Microsoft Edge
Found in build #
13.10586
Reports
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

The following CSP blocks external SVGs in iframes:

frame-src 'self'

Minimal example reproduced here:
http://shaunstripe.github.io/csp-frame-src-for-svg

Expected: SVG should be visible (which is true for all other browsers)
Actual: SVG is blocked

Code to reproduce here:
https://github.com/shaunstripe/csp-frame-src-for-svg

Attachments

0 attachments

    Comments and activity

    • This also blocks data URI SVGs from loading as well.

    • Microsoft Edge Team

      Changed Assigned To to “Rick J.”

      Changed Assigned To to “wwatri”

    You need to sign in to your Microsoft account to add a comment.

    Sign in