ContentSecurityPolicy data:image

Time:12-07

I decided to try using ContentSecurityPolicy. Everything seems to work fine, but the images stopped loading and I get this error:

Request URL: data:image/jpeg;base64

What do I need to add to my ContentSecurityPolicy.php file to avoid this error?

This is what I have now

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class ContentSecurityPolicy
{
    public $resources = [
        'default-src' => [
            "'self'",
            "'unsafe-inline'",
            'cdnjs.cloudflare.com',
            'fonts.gstatic.com',
            'code.jquery.com',
        ],
    ];

    public function handle(Request $request, Closure $next)
    {
        $response = $next($request);

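        // Build one "directive source source ..." entry per directive.
        $directives = [];
        foreach ($this->resources as $key => $values) {
            $directives[] = $key . ' ' . implode(' ', $values);
        }

        // Each entry already carries its directive name, so no extra
        // "default-src" prefix is added; directives are separated by "; ".
        $response->header('Content-Security-Policy', implode('; ', $directives));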

        return $response;
    }
}

CodePudding user response:

It told you exactly what kind of header it is missing. Try adding data: to your array. But you should consider using that property only for img-src, because allowing data: for scripts etc. is not a good idea when adding CSP.

    public $resources = [
        'default-src' => [
            "'self'",
            "data:",
            "'unsafe-inline'",
            'cdnjs.cloudflare.com',
            'fonts.gstatic.com',
            'code.jquery.com',
        ],
    ];
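
An added example (not code from the question or the answer) that follows the answer's advice of allowing data: for img-src only. The function names buildCsp and allowsDataUri are hypothetical, the policy is constructed, and the fallback check is a simplified model of how browsers pick the governing directive.

```php
<?php
// Added example: constructed policy, not the poster's production config.

// Directive map in the same shape as the middleware's $resources property.
$resources = [
    'default-src' => ["'self'", "'unsafe-inline'", 'cdnjs.cloudflare.com',
                      'fonts.gstatic.com', 'code.jquery.com'],
    // img-src replaces default-src for images (the lists are not merged),
    // so 'self' is repeated here alongside data:.
    'img-src'     => ["'self'", 'data:'],
];

// Serialize to the header value: "name src src; name src src".
function buildCsp(array $resources): string
{
    $parts = [];
    foreach ($resources as $directive => $sources) {
        $parts[] = $directive . ' ' . implode(' ', $sources);
    }
    return implode('; ', $parts);
}

// Simplified model of the browser's fallback: a fetch directive that is
// absent falls back to default-src; one that is present is used alone.
function allowsDataUri(array $resources, string $directive): bool
{
    $sources = $resources[$directive] ?? $resources['default-src'] ?? null;
    if ($sources === null) {
        return true; // no governing directive: CSP does not restrict the load
    }
    // A bare * does not match data: URLs, so only the explicit scheme counts.
    return in_array('data:', array_map('strtolower', $sources), true);
}

echo buildCsp($resources), PHP_EOL;
foreach (['img-src', 'script-src', 'font-src'] as $directive) {
    printf("%-10s data: %s\n", $directive,
        allowsDataUri($resources, $directive) ? 'allowed' : 'blocked');
}
```

The `$resources` array can be dropped into the middleware as its `$resources` property; scripts and fonts keep falling back to default-src, which does not list data:.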