From a7bf9728e30f53a5cfc3b295b5354dcfbf6440c0 Mon Sep 17 00:00:00 2001 From: Ben Busby Date: Wed, 5 May 2021 12:51:11 -0400 Subject: [PATCH] Allow 'data:' for img src in app CSP Disallowing base64 images in the app resulted in broken image placeholders for things like pronunciation guides, business reviews, etc. --- app/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/__init__.py b/app/__init__.py index a6dbd38..3340150 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -51,7 +51,7 @@ app.config['BANG_FILE'] = os.path.join( 'bangs.json') app.config['CSP'] = 'default-src \'none\';' \ 'manifest-src \'self\';' \ - 'img-src \'self\';' \ + 'img-src \'self\' data:;' \ 'style-src \'self\' \'unsafe-inline\';' \ 'script-src \'self\';' \ 'media-src \'self\';' \