CSP WARN: Directive img-src http://localhost:80 data://*:* violated by ...
In my situation I am using Greasemonkey to inject images to a PhpMyAdmin database browse page so I can administer my database. My PhpMyAdmin's version is 22.214.171.124.
First of all CSP stands for Content Security Policy. According to Wikipedia Content Security Policy is a computer security concept recommended by the W3C Working group to prevent cross-site scripting (XSS) and related attacks. CSP was originally developed by the Mozilla Foundation and was first implemented in Firefox 4.
Root Cause of this Problem
Therefore the real cause of this issue is the server's response header includes 'Content-Security-Policy' or 'X-Content-Security-Policy' with values that invalidate your injection of an image. To confirm look at the request in Firebug to see 'Response Header' and see if the following is part of the header:
x-content-security-policy ---- allow 'self'; options inline-script eval-script; frame-ancestors 'self'; img-src 'self' data:; script-src 'self' www.phpmyadmin.net
If so, you'll need to tell web server to remove 'x-content-security-policy' and that's it!
In my situation PhpMyAdmin is doing it. So to fix the issue I simply tell PhpMyAdmin to NOT use 'Content-Security-Policy' or 'X-Content-Security-Policy' header.
Find your PhpMyAdmin's library folder. Then find header_http.inc.php. In my case it's located at c:/wamp2.2/apps/phpmyadmin126.96.36.199/libraries/header_http.inc.php
In that file comment out the following line:
header('X-Content-Security-Policy: allow \'self\'; options inline-script eval-script; frame-ancestors \'self\'; img-src \'self\' data:; script-src \'self\' www.phpmyadmin.net');Save the change and try again!
If you use WAMP 2.4 you may edit C:\wamp2.4\apps\phpmyadmin4.0.4\libraries\Header.class.php by commenting out every line that sets the following headers:
Questions? Let me know!