Empty Image
The default avatar should take back to ui-avatars but im not getting an image..
39 Replies
Thats inspect element, and going to that url does have an image
the 'APP_URL' in the project .env file must be same as the actaul url, for example if the url in the browser is
"http://127.0.0.1.." then .env must have the same as 'APP_URL'.
Sound unrelated. This is an image from a different page.
Did you check console or network tab for errors? Did you open the URL and see whether it works?
Opened url from inspect element. Works fine. No errors either
Hm, that’s weird. What if you inspect it inside network tab. What’s the response?
I shall have to check tomorrow when I'm at work
Thats dead, but cant find anything to tell me why
Shouldnt be coz im on localhost?
So there is an error. Can you shre the whole line?
Also also the
Response tab? Or is it just empty?
It's probably because you try to embed https:// on a non-secure siteResponse tab always gives me this, no matter what im inspecting
Thats all it gives.
When I double click on it, the image shows (redirects to the link)
How do I avoid that for local development?
Make your site secure
Should be easy with Valet or Herd. Not sure what tools you use
Neither of them, just a basic docker container
Well, then I can't help 😅
No worries haha. Cheers anyway. As long as it would likely work on a live server
Can you share the line with the details on the right closed?
Content Security Policy is blocking content
I think its nginx config
Found this line in the nginx config
yes these the allowed domains
you can add ui-avatars.com
Whats the correct syntax for it (A colleague wrote this config file)
just ui-avatars.com. Do I need any of the 'self' stuff?
for testing only
change
img-src 'self' data: blob:
to
img-src '*':
Nah, didnt change anything
rebuild the container?
Yeah, did that
🤔 the add_header Content-Security-Policy is tricky
you can ofc commente it out with hash
#
and testSo its no longer red, but blocked by something else
Assuming, thats this line of the config:
add_header Cross-Origin-Opener-Policy "same-origin";
ya that too
same-origin to *
this is totally not secure approach please dont tell your colleague I told you to use *
😂
I shant, its only for testing locally anyway. Config is setup differently for staging/prod servers I believe
🤣
Hmm, still same error
add inside the
location /
add_header Access-Control-Allow-Origin "*";Ah, we're working
It was the Cross-Origin-Embedder-Policy: was set to require-corp
So now I know it defo works, I can leave it for now. Danke 🙂
lcoal