Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit c801da4

Browse files
kylecarbskylecarbs
authored
fix: Add https: to image CSP to allow external images (coder#2870)
This broke external application icons.
1 parent 411caa2 commit c801da4

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

site/site.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -280,7 +280,7 @@ func cspHeaders(next http.Handler) http.Handler {
280280
// https: allows loading images from external sources. This is not ideal
281281
// but is required for the templates page that renders readmes.
282282
// We should find a better solution in the future.
283-
CSPDirectiveImgSrc: {"'self' data:"},
283+
CSPDirectiveImgSrc: {"'self' https: data:"},
284284
CSPDirectiveFormAction: {"'self'"},
285285
CSPDirectiveMediaSrc: {"'self'"},
286286
// Report all violations back to the server to log

0 commit comments

Comments
 (0)