fix: allow any image source but disallow base64

2025-12-17 02:33:07 +03:00 · 2025-10-03 11:50:39 +02:00
parent 507f9490fa
commit 22f4254932
4 changed files with 4 additions and 16 deletions
--- a/backend/internal/middleware/csp_middleware.go
+++ b/backend/internal/middleware/csp_middleware.go
@@ -34,7 +34,7 @@ func (m *CspMiddleware) Add() gin.HandlerFunc {
 			"object-src 'none'; " +
 			"frame-ancestors 'none'; " +
 			"form-action 'self'; " +
-			"img-src 'self' data: blob:; " +
+			"img-src * blob:;" +
 			"font-src 'self'; " +
 			"style-src 'self' 'unsafe-inline'; " +
 			"script-src 'self' 'nonce-" + nonce + "'"