Skip to content

Audio attachments in the live view blocked by Content Security Policy #2060

Description

@dhimmel

Description

Spans containing binary audio content (gen_ai.input.messages blob parts, recorded via pydantic-ai's InstrumentationSettings(include_binary_content=True)) render an audio player widget in the span details, but pressing play never works.

The browser console shows the page CSP blocks the player's blob URL:

Loading media from 'blob:https://logfire-us.pydantic.dev/<uuid>' violates the following Content Security Policy directive: "default-src 'self'". Note that 'media-src' was not explicitly set, so 'default-src' is used as a fallback. The action has been blocked.

blob: URLs do not match 'self', so with no explicit media-src, every audio (and presumably video) attachment is unplayable.

Looks like:

Image

Python, Logfire & OS Versions, related packages (not required)

SDK: logfire 4.37.0, pydantic-ai 2.5.0

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions