Content-Security-Policy of images with GDrive on epub reader wrong

[mudream4869]

Describe the bug/problem

The image in epub viewer doesn't show due to Content Security Policy.

Refused to load the stylesheet 'blob:http://localhost:8083/acb1e319-44e0-4e50-a62a-2e8ddd1ea961' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'style-src-elem' was not explicitly set, so 'default-src' is used as a fallback.

Relative: #3060

[OzzieIsaacs]

Could you please send me the book in question via private email (email address from my profile page). I'd like to reproduce the issue myself

[mudream4869]

calibre-web/cps/web.py

Line 100 in a0728b0

if request.endpoint == "edit-book.show_edit_book" or config.config_use_google_drive:

It seems this bug will appear when google drive API is enabled.

An epub3 sample book: Accessible EPUB 3 can reproduce this bug.

I have a hot-fix and it just works for my conditions, but I'm not sure if its logic is ok.

    if request.endpoint == "edit-book.show_edit_book":
        csp += " *;"
    elif request.endpoint == "web.read_book":
        csp += " blob:; style-src-elem 'self' blob: 'unsafe-inline';"
    elif config.config_use_google_drive:
        csp += " *;"
    else:
        csp += ";"
    csp += " object-src 'none';"

[OzzieIsaacs]

Please check the newest nightly version, should work now (hopefully without side effects)