Page MenuHomeMiraheze

Whitelist imgbox.com and googleusercontent.com so images can be shown
Closed, ResolvedPublic

Description

Please whitelist imgbox.com and googleusercontent.com
Images can't be showed even if "Allow External Images" is checked in the wiki configuration. It is because of your CSP which sites not on your whitelist will still be denied access.

imgbox.com is just an image hosting site which we use a lot.
googleusercontent.com is used by Google Photos to host user-uploaded images.
Thank you.

Event Timeline

Revival triaged this task as Normal priority.May 18 2020, 08:55
Revival created this task.
Reception123 claimed this task.

The whitelist does not work properly because the link may contain subdomains, for example:
https://imgbox.com/images/imgbox_large.png <-- can display
https://images2.imgbox.com/00/00/9E2qE9Nw_o.jpg <-- CANNOT
https://lh6.googleusercontent.com/-Du5sjWWmXcU/TplK6DYjlnI/AAAAAAABHbY/5Di2rH_nEtY/w800-h400-c/P1050401_stitch.jpg <-- CANNOT

You need to add the following whitelist entries too:
'*.googleusercontent.com'
'*.imgbox.com'

No issues with those URLs.

Those images couldn't be shown in the wiki since it does not match the whitelist.
The whitelist only whitelists imgbox.com, but not *.imgbox.com
and whitelists googleusercontent.com, but not *.googleusercontent.com

AmandaCath subscribed.

Since Southparkfan has approved these changes, I will submit the pull request to implement them.

Please kindly add the following to the whitelist too:
'*.googleusercontent.com'
'*.imgbox.com'

Currently the whitelist only whitelist the main domain, but NOT the subdomains!
Those images couldn't display because the links contain subdomains, for example:
https://imgbox.com/images/imgbox_large.png <-- can display
https://images2.imgbox.com/00/00/9E2qE9Nw_o.jpg <-- CANNOT
https://lh6.googleusercontent.com/-Du5sjWWmXcU/TplK6DYjlnI/AAAAAAABHbY/5Di2rH_nEtY/w800-h400-c/P1050401_stitch.jpg <-- CANNOT

Thank you.

Reception123 added a subscriber: RhinosF1.

@Revival I'm sorry about how long it's taking, but currently our system doesn't allow those kind of whitelists, so we need to look into an alternative (@Paladox ?)

@Revival I'm sorry about how long it's taking, but currently our system doesn't allow those kind of whitelists, so we need to look into an alternative (@Paladox ?)

Sorry I don't get it. What're the technical issues? There are other sites which both the main domains and their subdomains are whitelisted, and they work perfectly fine.

Nevertheless, it's weird only the main domains are whitelisted for those two sites, but not their sub-domains. What's the point for that?

Reception123 added a subscriber: Zppix.

From other task adding:

'postimages.org'
'*.postimages.org'
'postimgs.org'
'*.postimgs.org'
'postimg.cc'
'*.postimg.cc'
'imgbb.com'
'*.imgbb.com'
'simgbb.com'
'*.simgbb.com'
'ibb.co'
'*.ibb.co'

Wildcard only supports for example *.x.x or *.x.x.x, the wild card does not allow for *.x.x to become x.x.x.x.

Wildcard only supports for example *.x.x or *.x.x.x, the wild card does not allow for *.x.x to become x.x.x.x.

The above sites do not have x.x.x.x as far as I can see.
It is enough to whitelist *.x.x and x.x.

Hello,
so my question is how can we now dispaly " like:

<img src="https://lh6.googleusercontent.com/-Du5sjWWmXcU/TplK6DYjlnI/AAAAAAABHbY/5Di2rH_nEtY/w800-h400-c/P1050401_stitch.jpg">

Is still get the error :

Refused to load the image 'https://lh6.googleusercontent.com/-Du5sjWWmXcU/TplK6DYjlnI/AAAAAAABHbY/5Di2rH_nEtY/w800-h400-c/P1050401_stitch.jpg' because it violates the following Content Security Policy directive:

lh3.googleusercontent.com is now whitelisted.

lh3.googleusercontent.com is now whitelisted.

Unfortunately it is not. Images from lh3.googleusercontent.com are still blocked.
BTW there are other subdomains like lh6, lh5, lh4. It does not make sense to only whitelist lh3.

Sorry to interrupt, currently the following domains are whitelisted:
url52: 'googleusercontent.com'
url53: 'imgbox.com'

This only whitelists the main domain, but not their subdomains.
Their images are hosted in their subdomains!

It is not the first time you whitelist all subdomains of a particular website. For example,
url16: '*.google.com'
url17: '*.gstatic.com'
url18: '*.addthis.com'
url19: '*.youtube.com'
url29: '*.googleapis.com'
url30: '*.twimg.com'
url33: '*.freenode.net'
url34: '*.sorcery.net'

I don't get it why only the main domains are whitelisted, but not their subdomains in this case.
Those whitelists do not make any sense and are essentially useless.

imgbox.com is a popular site which hosts images only. It is a perfectly safe website.
googleusercontent.com is owned by Google and user-uploaded images are hosted there. It is a perfectly safe website too.
To solve the issue, you simply need to add two lines to the whitelist, which are:
'*.imgbox.com'
'*.googleusercontent.com'

We have been waiting for months and this issue is still unresolved. This baffles us a lot. Many images are still broken.
Please kindly help us by adding two lines to the whitelist. Thank you very much.

Done should take effect in approx. 10 minutes

Zppix claimed this task.

Seems to be resolved now. If not feel free to reopen.