From 75b778600b8a401dcfeea070ec3a7383f8a7cab9 Mon Sep 17 00:00:00 2001
From: Dani Garcia
Date: Fri, 30 Aug 2024 08:53:33 +0200
Subject: [PATCH] portal: allow blob as img-src in CSP
---
 .../apache2/sites-available/020-ivozprovider-portals.conf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/profiles/portal/etc/apache2/sites-available/020-ivozprovider-portals.conf b/profiles/portal/etc/apache2/sites-available/020-ivozprovider-portals.conf
index b7cbafab8a..0dd2b5f99f 100644
--- a/profiles/portal/etc/apache2/sites-available/020-ivozprovider-portals.conf
+++ b/profiles/portal/etc/apache2/sites-available/020-ivozprovider-portals.conf
@@ -39,7 +39,7 @@ Alias /platform /opt/irontec/ivozprovider/web/portal/platform/dist
 Header set X-Frame-Options SAMEORIGIN
- Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.googleapis.com 'unsafe-inline'; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' blob:;"
+ Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.googleapis.com 'unsafe-inline'; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' blob:; img-src 'self' data: blob:"
 RewriteEngine On
@@ -64,7 +64,7 @@ Alias /brand /opt/irontec/ivozprovider/web/portal/brand/dist
 Header set X-Frame-Options SAMEORIGIN
- Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.googleapis.com 'unsafe-inline'; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' blob:;"
+ Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.googleapis.com 'unsafe-inline'; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' blob:; img-src 'self' data: blob:"
 RewriteEngine On
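Review bot: The added `img-src 'self' data: blob:` directive allows `data:` in addition to `blob:`, although the commit subject names only blob, and nothing in the file records which portal feature needs either scheme. This applies to all four hunks (/platform, /brand, /client, /user). A comment above each header, for example `# img-src: blob: needed by <feature>, data: needed by <feature>`, would let a later reviewer drop a scheme once that feature no longer needs it. Script loading still falls back to `default-src 'self' 'unsafe-eval' 'unsafe-inline'` on the new line, so the policy does not restrict inline script or eval; an explicit, narrower `script-src` would be the place to address that once the portals allow it. The same policy string is repeated four times and the enclosing container directives are not visible in these hunks, so it is worth checking whether it can be set once at a shared level to keep the four copies from drifting apart.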
@@ -90,7 +90,7 @@ Alias /client /opt/irontec/ivozprovider/web/portal/client/dist
 Header set X-Frame-Options SAMEORIGIN
- Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.googleapis.com 'unsafe-inline'; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' blob:;"
+ Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.googleapis.com 'unsafe-inline'; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' blob:; img-src 'self' data: blob:"
 RewriteEngine On
@@ -117,7 +117,7 @@ Alias /user /opt/irontec/ivozprovider/web/portal/user/dist
 Header set X-Frame-Options SAMEORIGIN
- Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.googleapis.com 'unsafe-inline'; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' blob:;"
+ Header set Content-Security-Policy "default-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.googleapis.com 'unsafe-inline'; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' blob:; img-src 'self' data: blob:"
 RewriteEngine On