`data:` is required for WB so it can't be removed :( What was the stacktrace in the logs? And what was the value?
According to the code CSP values should be comma delimited I guess you have them space delimited ... On Fri, 22 May 2020 at 22:00, Peter Dähn <da...@vcrp.de> wrote: > Hi Maxim, > > I needed to remove default value "data:" and just add the needed host. > > If it should be like that it is fine for me... > > Greetings Peter > > Am 22.05.20 um 16:55 schrieb Maxim Solodovnik: > > What was the value? > > And what in the logs? > > > > On Fri, 22 May 2020 at 21:54, Peter Dähn <da...@vcrp.de> wrote: > > > >> Hi Maxim, > >> > >> I missed this change... But if I try to change header.csp.image > >> > >> this ends up like this... > >> > >> > >> > >> Greetings Peter > >> > >> Am 22.05.20 um 16:43 schrieb Maxim Solodovnik: > >> > >> yep > >> this huge config param was splitted > >> please check herehttps:// > builds.apache.org/view/M-R/view/OpenMeetings/job/openmeetings/site/openmeetings-server/GeneralConfiguration.html > >> > >> On Fri, 22 May 2020 at 21:40, Peter Dähn <da...@vcrp.de> <da...@vcrp.de> > wrote: > >> > >> > >> Hi together, > >> > >> after latest update of OM to Revision aa09332 I get following error: > >> > >> > >> *Refused to load the image 'https://HOST/portrait' because it violates > the > >> following Content Security Policy directive: "img-src 'self' 'self' > data: > >> data:". * > >> Changing in csp header config to > >> > >> > >> *default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' > >> 'unsafe-inline' 'unsafe-eval'; img-src 'self' HOST data:; > >> X-Content-Type-Options ''; * > >> and restart om doesn't change this behavior. > >> > >> Do I do something wrong or is it a bug? > >> > >> Greetings Peter > >> > >> > >> > >> > > -- Best regards, Maxim