I want to know what the difference is between blob: vs 'self' blob:. Will 'self' blob: pass all blob or just source from self?
Use case: Export functionality for my application is failing and adding 'self' blob: helps.
But can this have any security implications?
I'm looking for
'self' blob: vs blob:blob:'self' blob:What’s the Difference?
• blob:: This lets your app use any blob: URLs, no matter where they come from. It’s like a catch-all.
• self blob:: This restricts your app to only use blob: URLs that come from your own site. It’s a bit more controlled.
Security Implications:
• blob:: Since it’s open to any source, it can be risky. If some malicious blob URL gets in, it can do bad stuff, like stealing data or running harmful code.
• self blob:: This is safer because it only allows blob: URLs from your own site. It’s harder for bad guys to sneak in something harmful.
Your Use Case:
If adding self blob: fixes your export functionality, it’s likely because your app needs to be sure it’s only dealing with its own blob: data. This limits exposure to external threats and makes your app more secure.
So, using self blob: is a good move for security, as it helps prevent unwanted stuff from messing with your app. Just make sure your blob: URLs are correctly generated by your own site.
Hope this helps!