Commit 862eaaa3 authored by Konrad Borowski's avatar Konrad Borowski

Disallow loading images from HTTP

parent 214840f4
Pipeline #91970026 passed with stage
in 26 minutes and 4 seconds
......@@ -18,7 +18,7 @@ impl Session {
"script-src 'self' 'nonce-{nonce}' 'strict-dynamic'; ",
"style-src 'self' 'unsafe-inline'; ",
"connect-src 'self'; ",
"img-src * data:; ",
"img-src https: data:; ",
"object-src 'none'; ",
"base-uri 'none'; ",
"form-action 'self'; ",
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment