gitlab.com/gitlab-org/gitlab-foss.git
author Connor Shea <connor.james.shea@gmail.com> 2016-06-21 00:53:17 +0300
committer Connor Shea <connor.james.shea@gmail.com> 2016-07-18 20:43:35 +0300
commit e5d6f33378c302bc65b5637dfeff9d5a852647d5
tree aa66a32764bb1d7a24d6cb5fb1eb1cdeb05e1eeb /config/initializers/secure_headers.rb
parent 4984d1a6484017ea33778c8f743e47b9162aee21
Update image policy to allow external images over HTTPS.
Diffstat (limited to 'config/initializers/secure_headers.rb')
-rw-r--r-- config/initializers/secure_headers.rb | 2
1 files changed, 1 insertions, 1 deletions
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 075a5fc1876..3788dbf9473 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -22,7 +22,7 @@ SecureHeaders::Configuration.default do |config|
frame_src: %w('self'),
connect_src: %w('self'),
font_src: %w('self'),
- img_src: %w('self' www.gravatar.com secure.gravatar.com),
+ img_src: %w('self' www.gravatar.com secure.gravatar.com https:),
media_src: %w('none'),
object_src: %w('none'),
script_src: %w('unsafe-inline' 'self' maxcdn.bootstrapcdn.com),
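Review bot: The `https:` scheme source added to `img_src` on the `+` line allows images from every HTTPS host, which makes the `www.gravatar.com` and `secure.gravatar.com` entries beside it redundant on an HTTPS-served instance and means any image URL in user-supplied content will cause the viewer's browser to contact a third-party server (exposing IP address and request metadata to it). If loading arbitrary external images is the intent, as the commit message suggests, add a comment above the line stating that and drop the now-redundant gravatar hosts; if only specific image hosts are needed, keep the host allowlist and add those hosts instead of the bare scheme.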