serve images for staging correctly, allow data URLs as img-src

author: Florian Dold <florian.dold@gmail.com> 2018-02-06 12:06:42 +0100
committer: Florian Dold <florian.dold@gmail.com> 2018-02-06 12:06:42 +0100
commit: 745cedfedd806f64ca26a7bb37068d932a4eb729 (patch)
tree: 3b1c637c3bcf13e833e6403803352284d45d5794 /etc/nginx/conf.d
parent: e87eaf6656b98f89c8b8c84ddaaffb861b3846dd (diff)
download: deployment-745cedfedd806f64ca26a7bb37068d932a4eb729.tar.gz
deployment-745cedfedd806f64ca26a7bb37068d932a4eb729.tar.bz2
deployment-745cedfedd806f64ca26a7bb37068d932a4eb729.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/nginx/conf.d/talerssl b/etc/nginx/conf.d/talerssl
index e5d5411..3aa9a47 100644
--- a/etc/nginx/conf.d/talerssl
+++ b/etc/nginx/conf.d/talerssl
@@ -10,5 +10,5 @@ add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; prelo
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-Content-Type-Options "nosniff";
-add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss://buildbot.taler.net";
+add_header Content-Security-Policy "default-src 'self'; img-src data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' wss://buildbot.taler.net";
 add_header Referrer-Policy "same-origin";
author	Florian Dold <florian.dold@gmail.com>	2018-02-06 12:06:42 +0100
committer	Florian Dold <florian.dold@gmail.com>	2018-02-06 12:06:42 +0100
commit	745cedfedd806f64ca26a7bb37068d932a4eb729 (patch)
tree	3b1c637c3bcf13e833e6403803352284d45d5794 /etc/nginx/conf.d
parent	e87eaf6656b98f89c8b8c84ddaaffb861b3846dd (diff)
download	deployment-745cedfedd806f64ca26a7bb37068d932a4eb729.tar.gz deployment-745cedfedd806f64ca26a7bb37068d932a4eb729.tar.bz2 deployment-745cedfedd806f64ca26a7bb37068d932a4eb729.zip