From bb502c2e651225b7e684f0844a4589b76470726c Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Bellet
Date: Wed, 29 Mar 2023 17:27:14 +0200
Subject: [PATCH] Authorize `localhost:3000` as trusted domain for images
---
 config/initializers/content_security_policy.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index d870c1a5ba..73fbf5890a 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -8,6 +8,7 @@ Rails.application.config.content_security_policy do |policy|
 policy.default_src :self, :https
 policy.font_src :self, :https, :data, "fonts.gstatic.com"
 policy.img_src :self, :https, :data, "*.s3.amazonaws.com"
+ policy.img_src :self, :http, :data, ENV["SITE_URL"] if Rails.env.development?
 policy.object_src :none
 policy.frame_ancestors :none
 policy.script_src :self, :https, :unsafe_inline, :unsafe_eval, "*.stripe.com", "openfoodnetwork.innocraft.cloud",
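Review bot: The added `policy.img_src` line uses the `:http` scheme source, which permits images from any HTTP origin in development rather than only the `localhost:3000` host the commit title names, and it makes the `ENV["SITE_URL"]` entry redundant. As far as I know, a repeated directive call in the Rails CSP DSL replaces the earlier source list instead of extending it, so the development policy also stops mirroring production (`"*.s3.amazonaws.com"` is dropped) and CSP regressions become harder to catch locally. If `SITE_URL` is unset, `nil` is passed as a source, which Rails should reject at boot with an error that does not name the missing variable. Consider keeping the production list and adding only the site host: `policy.img_src :self, :https, :data, "*.s3.amazonaws.com", ENV.fetch("SITE_URL") if Rails.env.development?`. The enclosing `content_security_policy` block starts before this hunk and continues past it.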