Re: changes in csp config doesn't seem to change csp header

Peter Dähn Fri, 22 May 2020 07:54:46 -0700

Hi Maxim,

I missed this change... But if I try to change header.csp.image


this ends up like this...



Greetings Peter

Am 22.05.20 um 16:43 schrieb Maxim Solodovnik:

yep
this huge config param was splitted
please check here
https://builds.apache.org/view/M-R/view/OpenMeetings/job/openmeetings/site/openmeetings-server/GeneralConfiguration.html

On Fri, 22 May 2020 at 21:40, Peter Dähn <[email protected]> wrote:

Hi together,

after latest update of OM to Revision aa09332 I get following error:


*Refused to load the image 'https://HOST/portrait' because it violates the
following Content Security Policy directive: "img-src 'self' 'self' data:
data:". *
Changing in csp header config to


*default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'
'unsafe-inline' 'unsafe-eval'; img-src 'self' HOST data:;
X-Content-Type-Options ''; *
and restart om doesn't change this behavior.

Do I do something wrong or is it a bug?

Greetings Peter

Re: changes in csp config doesn't seem to change csp header

Reply via email to