Commitc801da4

authored

fix: Add https: to image CSP to allow external images (#2870)

This broke external application icons.

1 parent411caa2 commitc801da4Copy full SHA for c801da4

File tree

-1

lines changed

-1

lines changed

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -280,7 +280,7 @@ func cspHeaders(next http.Handler) http.Handler {`
`280`	`280`	`// https: allows loading images from external sources. This is not ideal`
`281`	`281`	`// but is required for the templates page that renders readmes.`
`282`	`282`	`//We should find a better solution in the future.`
`283`		`-CSPDirectiveImgSrc: {"'self' data:"},`
	`283`	`+CSPDirectiveImgSrc: {"'self'https:data:"},`
`284`	`284`	`CSPDirectiveFormAction: {"'self'"},`
`285`	`285`	`CSPDirectiveMediaSrc: {"'self'"},`
`286`	`286`	`// Report all violations back to the server to log`

Comments

(0)