Commit e5d6f333 authored by Connor Shea's avatar Connor Shea

Update image policy to allow external images over HTTPS.

parent 4984d1a6
...@@ -22,7 +22,7 @@ SecureHeaders::Configuration.default do |config| ...@@ -22,7 +22,7 @@ SecureHeaders::Configuration.default do |config|
frame_src: %w('self'), frame_src: %w('self'),
connect_src: %w('self'), connect_src: %w('self'),
font_src: %w('self'), font_src: %w('self'),
img_src: %w('self' www.gravatar.com secure.gravatar.com), img_src: %w('self' www.gravatar.com secure.gravatar.com https:),
media_src: %w('none'), media_src: %w('none'),
object_src: %w('none'), object_src: %w('none'),
script_src: %w('unsafe-inline' 'self' maxcdn.bootstrapcdn.com), script_src: %w('unsafe-inline' 'self' maxcdn.bootstrapcdn.com),
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment