Commit 1080f299 authored by Nicolas Pernoud's avatar Nicolas Pernoud

fix: added data: to allowed img-src in csp

parent 06c66298
Pipeline #4963 passed with stages
in 2 minutes and 50 seconds
......@@ -50,7 +50,7 @@ func (s webSecurityWriter) WriteHeader(code int) {
cspHeader = cspHeader + fmt.Sprintf("; frame-ancestors %v", s.source)
}
} else { // If not, forge a default CSP Header
cspHeader = fmt.Sprintf("default-src %[1]v 'self'; img-src %[1]v 'self' blob: ; script-src 'self' %[1]v %[2]v; style-src 'self' 'unsafe-inline'; frame-src http: %[1]v; frame-ancestors %[1]v", s.source, inline)
cspHeader = fmt.Sprintf("default-src %[1]v 'self'; img-src %[1]v 'self' blob: data: ; script-src 'self' %[1]v %[2]v; style-src 'self' 'unsafe-inline'; frame-src http: %[1]v; frame-ancestors %[1]v", s.source, inline)
}
// Set the resulting CSP Header
s.w.Header().Set("Content-Security-Policy", cspHeader)
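Review bot: The new `cspHeader = fmt.Sprintf(...)` line adds `data:` to `img-src` in the fallback branch (`// If not, forge a default CSP Header`), so it applies to every response that takes this branch rather than only the page that needed it, and nothing in the code records why. `data:` images do not execute script, but they let injected markup render arbitrary inline images without a network request, so I would document the allowance above the line, e.g. `// img-src allows data: for inline images; keep data: out of default-src and script-src`. The policy string also interpolates `s.source` and `inline` with `%v`, and their validation is not visible in this hunk, so please confirm neither can carry a `;` or a line break into the header value. WriteHeader starts before this hunk and continues past it.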
......
......@@ -42,7 +42,7 @@
</div>
<div class="navbar-menu">
<div class="navbar-end">
<div class="navbar-item"><p>v4.3.7</p></div>
<div class="navbar-item"><p>v4.3.8</p></div>
</div>
</div>
</nav>
......