CB-11938 updated csp to include content: for img-src
stevengill committed Sep 30, 2016
1 parent 27919ad commit 451d94fe9550038adbc3baedd7b42f9baf422eb4
Showing 1 changed file with 1 addition and 1 deletion.
@@ -28,7 +28,7 @@
* Disables use of inline scripts in order to mitigate risk of XSS vulnerabilities. To change this:
* Enable inline JS: add 'unsafe-inline' to default-src
-->
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *">
<meta http-equiv="Content-Security-Policy" content="default-src 'self' data: gap: https://ssl.gstatic.com 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src *; img-src 'self' data: content:;">
<meta name="format-detection" content="telephone=no">
<meta name="msapplication-tap-highlight" content="no">
<meta name="viewport" content="user-scalable=no, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width">
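Review bot: In the updated Content-Security-Policy meta tag, the new img-src 'self' data: content: directive replaces the default-src fallback for images instead of extending it, so image loads from https://ssl.gstatic.com and gap:, which default-src allowed before, no longer match any img-src source. If those are still needed for images, list them in img-src as well. The comment block above the tag only explains how to enable inline JS; a line saying why content: is allowed for images would help anyone tightening the policy later.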
