I decided to try using ContentSecurityPolicy. Everything seems to work fine, but the images stopped loading and I get this error:
Request URL: data:image/jpeg;base64
What do I need to add to my ContentSecurityPolicy.php file to avoid this error?
This is what I have now:

    <?php

    namespace App\Http\Middleware;

    use Closure;
    use Illuminate\Http\Request;

    class ContentSecurityPolicy
    {
        // Allowed sources per CSP directive.
        public $resources = [
            'default-src' => [
                "'self'",
                "'unsafe-inline'",
                'cdnjs.cloudflare.com',
                'fonts.gstatic.com',
                'code.jquery.com',
            ],
        ];

        public function handle(Request $request, Closure $next)
        {
            $response = $next($request);

            // Build one "name source source ..." segment per directive.
            $directives = [];
            foreach ($this->resources as $key => $values) {
                $directives[] = $key . ' ' . implode(' ', $values);
            }

            // Each segment already carries its directive name, so none is prefixed here.
            $response->header("Content-Security-Policy", implode('; ', $directives));

            return $response;
        }
    }

CodePudding user response:
It told you exactly what kind of header it is missing. Try adding data: to your array. But you should consider using that prop only for img-src, because allowing data: for scripts etc. is not a good idea while adding CSP.

    public $resources = [
        'default-src' => [
            "'self'",
            "data:",
            "'unsafe-inline'",
            'cdnjs.cloudflare.com',
            'fonts.gstatic.com',
            'code.jquery.com',
        ],
    ];
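
The img-src variant the answer recommends, written out as an added example that is not code from the question or the answer: data: is allowed for images only, and the directives are joined with semicolons. The buildHeader() method name is a hypothetical helper introduced for this example.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class ContentSecurityPolicy
{
    public $resources = [
        // Fallback for every fetch directive that is not listed explicitly.
        'default-src' => [
            "'self'",
            "'unsafe-inline'",
            'cdnjs.cloudflare.com',
            'fonts.gstatic.com',
            'code.jquery.com',
        ],
        // A directive that is present does not inherit from default-src,
        // so 'self' is repeated here. Any other host that serves images
        // would also have to be listed in this array.
        'img-src' => [
            "'self'",
            'data:', // data: URIs are permitted for images only
        ],
    ];

    // Hypothetical helper: returns "default-src ...; img-src ...".
    public function buildHeader()
    {
        $directives = [];
        foreach ($this->resources as $name => $sources) {
            $directives[] = $name . ' ' . implode(' ', $sources);
        }

        return implode('; ', $directives);
    }

    public function handle(Request $request, Closure $next)
    {
        $response = $next($request);
        // headers->set() exists on every Symfony-based response object,
        // including file downloads and streamed responses.
        $response->headers->set('Content-Security-Policy', $this->buildHeader());

        return $response;
    }
}
```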