Hi Maxim,
I needed to remove default value "data:" and just add the needed host.
If it should be like that it is fine for me...
Greetings Peter
Am 22.05.20 um 16:55 schrieb Maxim Solodovnik:
What was the value?
And what in the logs?
On Fri, 22 May 2020 at 21:54, Peter Dähn <da...@vcrp.de> wrote:
Hi Maxim,
I missed this change... But if I try to change header.csp.image
this ends up like this...
Greetings Peter
Am 22.05.20 um 16:43 schrieb Maxim Solodovnik:
yep
this huge config param was splitted
please check
herehttps://builds.apache.org/view/M-R/view/OpenMeetings/job/openmeetings/site/openmeetings-server/GeneralConfiguration.html
On Fri, 22 May 2020 at 21:40, Peter Dähn <da...@vcrp.de> <da...@vcrp.de> wrote:
Hi together,
after latest update of OM to Revision aa09332 I get following error:
*Refused to load the image 'https://HOST/portrait' because it violates the
following Content Security Policy directive: "img-src 'self' 'self' data:
data:". *
Changing in csp header config to
*default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'
'unsafe-inline' 'unsafe-eval'; img-src 'self' HOST data:;
X-Content-Type-Options ''; *
and restart om doesn't change this behavior.
Do I do something wrong or is it a bug?
Greetings Peter