Bug #16566: secure headers should allow inline images in css - Foreman

Bug #16566

secure headers should allow inline images in css

Added by Tomer Brisker over 2 years ago. Updated 9 months ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Web Interface

Target version:

Difficulty:

Triaged:

Bugzilla link:

Pull request:

https://github.com/theforeman/foreman/pull/3850

Team Backlog:

Fixed in Releases:

Found in Releases:

Description

current security headers prevent images from loading images inlined in css, leading to errors such as:

jquery.js?27d9:10220 Refused to load the image 'data:image/gif;base64,R0lGODlhEAAQAPQAAP///wAAAPDw8IqKiuDg4EZGRnp6egAAAFhYW…zsPgMCEAY7Cg04Uk48LAsDhRA8MVQPEF0GAgqYYwSRlycNcWskCkApIyEAOwAAAAAAAAAAAA==' because it violates the following Content Security Policy directive: "img-src 'self' *.gravatar.com".

Related issues

Associated revisions

Revision e2b73df4 (diff)
Added by Tomer Brisker over 2 years ago

Fixes #16566 - Allow css inline images

Secure headers currently prevents inlining images in CSS using the
'data:' method. This commit adds that to the allowed image sources.

History

#1 Updated by The Foreman Bot over 2 years ago

Status changed from Assigned to Ready For Testing
Pull request https://github.com/theforeman/foreman/pull/3850 added

#2 Updated by Tomer Brisker over 2 years ago

Related to Feature #9117: Update to secure_headers 3.x added

#3 Updated by Dominic Cleal over 2 years ago

Legacy Backlogs Release (now unused) set to 189

#4 Updated by Anonymous over 2 years ago

Status changed from Ready For Testing to Closed
% Done changed from 0 to 100

Applied in changeset e2b73df4f5aae74aaa73e60255b15c1b772fcf03.

#5 Updated by Daniel Lobato Garcia over 2 years ago

Target version set to 1.5.2

Also available in: Atom PDF