Bug #16566

secure headers should allow inline images in css

Added by Tomer Brisker 6 months ago. Updated 6 months ago.

Status:Closed
Priority:Normal
Assigned To:Tomer Brisker
Category:Web Interface
Target version:Team Daniel - iteration 3
Difficulty: Bugzilla link:
Found in release:nightly Pull request:https://github.com/theforeman/foreman/pull/3850
Story points-
Velocity based estimate-
Release1.14.0Release relationshipAuto

Description

current security headers prevent images from loading images inlined in css, leading to errors such as:

jquery.js?27d9:10220 Refused to load the image 'data:image/gif;base64,R0lGODlhEAAQAPQAAP///wAAAPDw8IqKiuDg4EZGRnp6egAAAFhYW…zsPgMCEAY7Cg04Uk48LAsDhRA8MVQPEF0GAgqYYwSRlycNcWskCkApIyEAOwAAAAAAAAAAAA==' because it violates the following Content Security Policy directive: "img-src 'self' *.gravatar.com".

Related issues

Related to Foreman - Feature #9117: Update to secure_headers 3.x Closed 01/26/2015

Associated revisions

Revision e2b73df4
Added by Tomer Brisker 6 months ago

Fixes #16566 - Allow css inline images

Secure headers currently prevents inlining images in CSS using the
'data:' method. This commit adds that to the allowed image sources.

History

#1 Updated by The Foreman Bot 6 months ago

  • Status changed from Assigned to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3850 added

#2 Updated by Tomer Brisker 6 months ago

#3 Updated by Dominic Cleal 6 months ago

  • Release set to 1.14.0

#4 Updated by Anonymous 6 months ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#5 Updated by Daniel Lobato Garcia 6 months ago

  • Target version set to Team Daniel - iteration 3

Also available in: Atom PDF