Description of the issue: Wordpress pages with custom domains do not display all images from the Wordpress MEDIA folder on the live page. Images are being blocked (according to developer tools) due to cross-site scripting.
Steps to Reproduce (add as many as necessary): 1. 2. 3.
- In Wordpress, add an image to your page from your MEDIA collection. Save the page.
- In another browser window, open the page (not in editor mode). Note that the image is a broken image icon.
- Check developer tools. Note that the image is 403 prohibited due to cross-site scripting.
Actual Result (gifs and screenshots are welcome!):
I have contacted Wordpress support. They have told me that this is an issue with the very tight security settings in Brave. I can confirm that the site looks fine in Edge (for example).
The issue appears to be custom domains. My site is [mysite].com (it is private). But my images are all referenced as [mysite].images.wordpress.com – and this appears to be an issue with Brave.
- If I turn on all cookies (not blocking anything, not even cross-site cookies), then the images appear normally.
- If I put the shields down, the images appear normally.
- If is turn off my custom domain, and view the site as [mysite].wordpress.com, then the images appear normally.
- If I view the page in another browser, then the images appear normally.
Expected result: I should be able to see images on my site without turning off the Brave security features. I should not have to include a section on my page explaining how to configure their browser to see the page as intended.
Reproduces how often: I can reproduce this at will. All I have to do is turn on the setting to block cross-site cookies and clear my cache.
Operating System and Brave Version(See the
About Brave page in the main menu): I am using Windows 10 Home 22H2; I am using Brave Version 1.59.117 Chromium: 118.0.5993.70 (Official Build) (64 Bit)
Additional Information: Thanks in advance.