From 7b322ac85df181431248123614e6add5300ec94d Mon Sep 17 00:00:00 2001
From: kylecarbs <kyle@carberry.com>
Date: Sat, 9 Jul 2022 02:07:52 +0000
Subject: [PATCH] fix: Add https: to image CSP to allow external images

This broke external application icons.
---
 site/site.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/site/site.go b/site/site.go
index a8d1147381243..8e9528fa6aa71 100644
--- a/site/site.go
+++ b/site/site.go
@@ -280,7 +280,7 @@ func cspHeaders(next http.Handler) http.Handler {
 			// https: allows loading images from external sources. This is not ideal
 			// 	but is required for the templates page that renders readmes.
 			//	We should find a better solution in the future.
-			CSPDirectiveImgSrc:     {"'self' data:"},
+			CSPDirectiveImgSrc:     {"'self' https: data:"},
 			CSPDirectiveFormAction: {"'self'"},
 			CSPDirectiveMediaSrc:   {"'self'"},
 			// Report all violations back to the server to log