extend content security policy to allow data images

2021-07-24 19:15:03 +02:00 · 2021-07-24 19:15:03 +02:00 · a0d216c61d
parent b68af58321
commit a0d216c61d
1 changed files with 1 additions and 1 deletions
--- a/config/config.default.php
+++ b/config/config.default.php
@ -314,7 +314,7 @@ return [
        'X-Content-Type-Options'  => 'nosniff',
        'X-Frame-Options'         => 'sameorigin',
        'Referrer-Policy'         => 'strict-origin-when-cross-origin',
-        'Content-Security-Policy' => 'default-src \'self\' \'unsafe-inline\' \'unsafe-eval\'',
+        'Content-Security-Policy' => 'default-src \'self\' \'unsafe-inline\' \'unsafe-eval\'; img-src \'self\' data:;',
        'X-XSS-Protection'        => '1; mode=block',
        'Feature-Policy'          => 'autoplay \'none\'',
        //'Strict-Transport-Security' => 'max-age=7776000',