Fix CSP: allow wp.com image proxy for Gravatar redirects
All checks were successful
Build & Push Container Image / build (push) Successful in 6s
Gravatar 302 redirects to i0.wp.com for default/fallback avatars.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
parent
4d8c2a301c
commit
99cdd5b102
1 changed files with 1 additions and 1 deletions
|
|
@ -59,7 +59,7 @@ app.use((_req, res, next) => {
|
||||||
"script-src 'self'",
|
"script-src 'self'",
|
||||||
"style-src 'self' 'unsafe-inline' https://fonts.googleapis.com",
|
"style-src 'self' 'unsafe-inline' https://fonts.googleapis.com",
|
||||||
`connect-src 'self' wss://${isProd ? new URL(frontendUrl).host : '*'}`,
|
`connect-src 'self' wss://${isProd ? new URL(frontendUrl).host : '*'}`,
|
||||||
"img-src 'self' https://*.atl-paas.net https://*.atlassian.com https://secure.gravatar.com https://*.gravatar.com data:",
|
"img-src 'self' https://*.atl-paas.net https://*.atlassian.com https://*.gravatar.com https://*.wp.com data:",
|
||||||
"font-src 'self' https://fonts.gstatic.com",
|
"font-src 'self' https://fonts.gstatic.com",
|
||||||
"object-src 'none'",
|
"object-src 'none'",
|
||||||
"base-uri 'self'",
|
"base-uri 'self'",
|
||||||
|
|
|
||||||
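Review bot: On the changed `img-src` line, `https://*.wp.com` admits every subdomain of wp.com, while the commit message names only i0.wp.com as the host Gravatar redirects to. Because that host is an image proxy, the wildcard widens what `img-src` accepts well beyond avatar hosts; consider listing `https://i0.wp.com` (plus any other proxy hosts actually seen in the redirects) instead. A short comment beside the directive saying the entry exists for Gravatar's default/fallback avatar redirect would keep it from being widened or dropped without context later. Removing `https://secure.gravatar.com` looks fine, since `https://*.gravatar.com` on the same line already covers it.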