Bug #16566
secure headers should allow inline images in css
| Status: | Closed | ||
|---|---|---|---|
| Priority: | Normal | ||
| Assigned To: |  Tomer Brisker | ||
| Category: | Web Interface | ||
| Target version: | Team Daniel - iteration 3 | ||
| Difficulty: | Bugzilla link: | ||
| Found in release: | nightly | Pull request: | https://github.com/theforeman/foreman/pull/3850 |
| Story points | - | ||
| Velocity based estimate | - | ||
| Release | 1.14.0 | Release relationship | Auto |
Description
current security headers prevent images from loading images inlined in css, leading to errors such as:
jquery.js?27d9:10220 Refused to load the image 'data:image/gif;base64,R0lGODlhEAAQAPQAAP///wAAAPDw8IqKiuDg4EZGRnp6egAAAFhYW…zsPgMCEAY7Cg04Uk48LAsDhRA8MVQPEF0GAgqYYwSRlycNcWskCkApIyEAOwAAAAAAAAAAAA==' because it violates the following Content Security Policy directive: "img-src 'self' *.gravatar.com".
Related issues
Associated revisions
Fixes #16566 - Allow css inline images
Secure headers currently prevents inlining images in CSS using the
'data:' method. This commit adds that to the allowed image sources.
History
#1
Updated by The Foreman Bot 11 months ago
- Status changed from Assigned to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/3850 added
#2
Updated by Tomer Brisker 11 months ago
- Related to Feature #9117: Update to secure_headers 3.x added
#3
Updated by Dominic Cleal 11 months ago
- Release set to 1.14.0
#4 Updated by Anonymous 11 months ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset e2b73df4f5aae74aaa73e60255b15c1b772fcf03.
#5
Updated by Daniel Lobato Garcia 11 months ago
- Target version set to Team Daniel - iteration 3