nginx: allow images from data urls in CSP

author: Mike Crute <mike@crute.us> 2019-12-10 22:06:40 +0000
committer: Mike Crute <mike@crute.us> 2019-12-10 22:07:43 +0000
commit: 2ed82fd6cd7844ef7988cd08397d4d873491c844 (patch)
tree: df4f14b54f006de0805fdd651d40aadf38b407fe
parent: de874a1e66561d0db87ea7e3703f57f7ae4cbe00 (diff)
download: dockerfiles-2ed82fd6cd7844ef7988cd08397d4d873491c844.tar.bz2
dockerfiles-2ed82fd6cd7844ef7988cd08397d4d873491c844.tar.xz
dockerfiles-2ed82fd6cd7844ef7988cd08397d4d873491c844.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/nginx-common/conf/includes/default_csp.conf b/nginx-common/conf/includes/default_csp.conf
index 07ac20c..86a917e 100644
--- a/nginx-common/conf/includes/default_csp.conf
+++ b/nginx-common/conf/includes/default_csp.conf
@@ -1 +1 @@
-add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'" always;
+add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;" always;
author	Mike Crute <mike@crute.us>	2019-12-10 22:06:40 +0000
committer	Mike Crute <mike@crute.us>	2019-12-10 22:07:43 +0000
commit	2ed82fd6cd7844ef7988cd08397d4d873491c844 (patch)
tree	df4f14b54f006de0805fdd651d40aadf38b407fe
parent	de874a1e66561d0db87ea7e3703f57f7ae4cbe00 (diff)
download	dockerfiles-2ed82fd6cd7844ef7988cd08397d4d873491c844.tar.bz2 dockerfiles-2ed82fd6cd7844ef7988cd08397d4d873491c844.tar.xz dockerfiles-2ed82fd6cd7844ef7988cd08397d4d873491c844.zip

diff --git a/nginx-common/conf/includes/default_csp.conf b/nginx-common/conf/includes/default_csp.conf index 07ac20c..86a917e 100644 --- a/nginx-common/conf/includes/default_csp.conf +++ b/nginx-common/conf/includes/default_csp.conf
@@ -1 +1 @@
	add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'" always;	add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;" always;