Skip to content

Commit 2c4642b

Browse files
billoneilbilloneil
committed
Fix CSP for 3rd party images
1 parent f555503 commit 2c4642b

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

stubbornjava-webapp/src/main/java/com/stubbornjava/webapp/StubbornJavaWebApp.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@ private static HttpHandler contentSecurityPolicy(HttpHandler delegate) {
4141
.defaultSrc(ContentSecurityPolicy.SELF.getValue(), "https://*.stubbornjava.com")
4242
.scriptSrc(ContentSecurityPolicy.SELF.getValue(), "https://*.stubbornjava.com", "https://www.google-analytics.com", "data:")
4343
// Drop the wildcard when we host our own images.
44-
.imgSrc(ContentSecurityPolicy.SELF.getValue(), "https://*.stubbornjava.com", "https://www.google-analytics.com", "data:")
44+
.imgSrc(ContentSecurityPolicy.SELF.getValue(), "https://*.stubbornjava.com", "https://www.google-analytics.com", "data:", "*")
4545
.connectSrc(ContentSecurityPolicy.SELF.getValue(), "https://*.stubbornjava.com", "https://www.google-analytics.com")
4646
.fontSrc(ContentSecurityPolicy.SELF.getValue(), "https://*.stubbornjava.com", "data:")
4747
.styleSrc(ContentSecurityPolicy.SELF.getValue(), ContentSecurityPolicy.UNSAFE_INLINE.getValue(), "https://*.stubbornjava.com")

0 commit comments

Comments
 (0)