Skip to content

Commit c801da4

Browse files
kylecarbskylecarbs
authored
fix: Add https: to image CSP to allow external images (#2870)
This broke external application icons.
1 parent 411caa2 commit c801da4

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

site/site.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -280,7 +280,7 @@ func cspHeaders(next http.Handler) http.Handler {
280280
// https: allows loading images from external sources. This is not ideal
281281
// but is required for the templates page that renders readmes.
282282
// We should find a better solution in the future.
283-
CSPDirectiveImgSrc: {"'self' data:"},
283+
CSPDirectiveImgSrc: {"'self' https: data:"},
284284
CSPDirectiveFormAction: {"'self'"},
285285
CSPDirectiveMediaSrc: {"'self'"},
286286
// Report all violations back to the server to log

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy