Project

General

Profile

Bug #7907

gravatars are now broken

Added by Ohad Levy over 4 years ago. Updated 11 months ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Difficulty:
Triaged:
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

after #7805, gravatar external lookups are not allowed, and the following is observed in the logs:

Refused to load the image 'http://secure.gravatar.com/avatar/7dcac275cbd245fbf96a9a6d8739b880?d=mm&s=30' because it violates the following Content Security Policy directive: "img-src 'self' data:".


Related issues

Related to Foreman - Feature #7805: Add several security related HTTP headers - security hardening.Closed2014-10-03

Associated revisions

Revision 2daac55f (diff)
Added by Shlomi Zadok over 4 years ago

fixes #7907 - Allow images from gravatar on secure headers

History

#1 Updated by Ohad Levy over 4 years ago

  • Related to Feature #7805: Add several security related HTTP headers - security hardening. added

#2 Updated by The Foreman Bot over 4 years ago

  • Status changed from New to Ready For Testing
  • Target version set to 1.7.2
  • Pull request https://github.com/theforeman/foreman/pull/1846 added
  • Pull request deleted ()

#3 Updated by Shlomi Zadok over 4 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#4 Updated by Daniel Lobato Garcia over 4 years ago

  • Legacy Backlogs Release (now unused) set to 21

h3.

Also available in: Atom PDF