Steps to replicate the issue (include links if applicable):
- Ensure: - mw.loader.load('//en.wikisource.org/w/index.php?title=User:ShakespeareFan00/jump_to_file/load.js&action=raw&ctype=text/javascript'); is present in the common.js for your Wikisource account.
- https://en.wikisource.org/w/index.php?title=Page:Men_of_the_Time,_eleventh_edition.djvu/754&action=edit
- Tools - High res options ->Load hi-res images.
What happens?:
"12:40:45.238 Content-Security-Policy: The page's settings blocked the loading of a resource at https://iiif.archive.org/iiif/mentimeadiction06coopgoog$754/info.json ("default-src"). openseadragon.js:2402:24"
12:40:45.238 Content-Security-Policy: The page's settings observed the loading of a resource at https://iiif.archive.org/iiif/mentimeadiction06coopgoog$754/info.json ("default-src"). A CSP report is being sent. openseadragon.js:2402:24
What should have happened instead?:
But for the CSP changes, the script (and associated toolforge hosted utility would have loaded the relevant hi-res scan from IA directly.
What the script does :-
The script uses metadata (at Commons), to access the high quality scans hosted on IA (using IIIF) , to work-around image quality issues (such as overcompressed PDF's) that have generated "junk" OCR, or are not clear enough to transcribe/proofread from using the Commons file (and generated thumbnails thereof).
IIIF is a recognised protocol, utilised by a number of GLAM organisations including the Internet Archive. https://iiif.archive.org/iiif/documentation
How could this issue be resolved:
This issue can be resolved by whitelisting the relevant IIIF servers (and only those servers) and forms of IIIF based links offered by the site concerned (and only those forms).