Allow one more url source for images cp-21.06.2-0

By adding this img-src to the content-security-policy it makes possible updating images from a dialog without requiring updating Collabora Online Signed-off-by: Pedro Pinto Silva <pedro.silva@collabora.com> Change-Id: I3ca8934c3e6eb0ee78a36a483f45eaf5649c84d5
author: Pedro Pinto Silva <pedro.silva@collabora.com> 2021-10-13 19:24:12 +0200
committer: Michael Meeks <michael.meeks@collabora.com> 2021-10-14 19:15:07 +0100
commit: 352d1d1f40c96cc76968ec657ad096ee36d7ca72 (patch)
tree: 0f498c6500b9933632e636670d7682b0acbf7b96 /wsd
parent: Bump package version to 21.06.2.0-1 (diff)
download: online-352d1d1f40c96cc76968ec657ad096ee36d7ca72.tar.gz
online-352d1d1f40c96cc76968ec657ad096ee36d7ca72.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp
index 33357e1375..db2c6e8340 100644
--- a/wsd/FileServer.cpp
+++ b/wsd/FileServer.cpp
@@ -813,7 +813,7 @@ void FileServerRequestHandler::preprocessFile(const HTTPRequest& request,
     // Document signing: if endpoint URL is configured, whitelist that for
     // iframe purposes.
     std::ostringstream cspOss;
-    cspOss << "Content-Security-Policy: default-src 'none'; "
+    cspOss << "Content-Security-Policy: default-src 'none'; img-src 'self' data: https://www.collaboraoffice.com/;"
 #ifdef ENABLE_FEEDBACK
         "frame-src 'self' " << FEEDBACK_LOCATION << " blob: " << documentSigningURL << "; "
 #else
author	Pedro Pinto Silva <pedro.silva@collabora.com>	2021-10-13 19:24:12 +0200
committer	Michael Meeks <michael.meeks@collabora.com>	2021-10-14 19:15:07 +0100
commit	352d1d1f40c96cc76968ec657ad096ee36d7ca72 (patch)
tree	0f498c6500b9933632e636670d7682b0acbf7b96 /wsd
parent	Bump package version to 21.06.2.0-1 (diff)
download	online-352d1d1f40c96cc76968ec657ad096ee36d7ca72.tar.gz online-352d1d1f40c96cc76968ec657ad096ee36d7ca72.zip