portal: allow blob as img-src in CSP

irontec · Sep 2, 2024 · 75b7786 · 75b7786
1 parent e41bcc0
commit 75b7786
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/profiles/portal/etc/apache2/sites-available/020-ivozprovider-portals.conf b/profiles/portal/etc/apache2/sites-available/020-ivozprovider-portals.conf
@@ -39,7 +39,7 @@ Alias /platform /opt/irontec/ivozprovider/web/portal/platform/dist
  </Limit>
 
  Header set X-Frame-Options SAMEORIGIN
- Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.googleapis.com 'unsafe-inline'; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' blob:;"
+ Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.googleapis.com 'unsafe-inline'; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' blob:; img-src 'self' data: blob:"
 
  <IfModule mod_rewrite.c>
  RewriteEngine On
@@ -64,7 +64,7 @@ Alias /brand /opt/irontec/ivozprovider/web/portal/brand/dist
  </Limit>
 
  Header set X-Frame-Options SAMEORIGIN
- Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.googleapis.com 'unsafe-inline'; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' blob:;"
+ Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.googleapis.com 'unsafe-inline'; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' blob:; img-src 'self' data: blob:"
 
  <IfModule mod_rewrite.c>
  RewriteEngine On
@@ -90,7 +90,7 @@ Alias /client /opt/irontec/ivozprovider/web/portal/client/dist
  </Limit>
 
  Header set X-Frame-Options SAMEORIGIN
- Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.googleapis.com 'unsafe-inline'; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' blob:;"
+ Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.googleapis.com 'unsafe-inline'; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' blob:; img-src 'self' data: blob:"
 
  <IfModule mod_rewrite.c>
  RewriteEngine On
@@ -117,7 +117,7 @@ Alias /user /opt/irontec/ivozprovider/web/portal/user/dist
  </Limit>
 
  Header set X-Frame-Options SAMEORIGIN
- Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.googleapis.com 'unsafe-inline'; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' blob:;"
+ Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.googleapis.com 'unsafe-inline'; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' blob:; img-src 'self' data: blob:"
 
  <IfModule mod_rewrite.c>
  RewriteEngine On