Update image policy to allow external images over HTTPS.

e5d6f333 · Connor Shea · 4984d1a6 · e5d6f333
Commit e5d6f333 authored 8 years ago by Connor Shea
Show whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

config/initializers/secure_headers.rb config/initializers/secure_headers.rb +1 -1

No files found.
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -22,7 +22,7 @@ SecureHeaders::Configuration.default do |config|
    frame_src: %w('self'),
    connect_src: %w('self'),
    font_src: %w('self'),
-    img_src: %w('self' www.gravatar.com secure.gravatar.com),
+    img_src: %w('self' www.gravatar.com secure.gravatar.com https:),
    media_src: %w('none'),
    object_src: %w('none'),
    script_src: %w('unsafe-inline' 'self' maxcdn.bootstrapcdn.com),