author | Connor Shea <connor.james.shea@gmail.com> | 2016-06-20 15:53:17 -0600 |
---|---|---|
committer | Connor Shea <connor.james.shea@gmail.com> | 2016-07-18 11:43:35 -0600 |
commit | e5d6f33378c302bc65b5637dfeff9d5a852647d5 (patch) | |
tree | aa66a32764bb1d7a24d6cb5fb1eb1cdeb05e1eeb /config | |
parent | 4984d1a6484017ea33778c8f743e47b9162aee21 (diff) | |
download | gitlab-ce-e5d6f33378c302bc65b5637dfeff9d5a852647d5.tar.gz |
Update image policy to allow external images over HTTPS.
Diffstat (limited to 'config')
-rw-r--r-- | config/initializers/secure_headers.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 075a5fc1876..3788dbf9473 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -22,7 +22,7 @@ SecureHeaders::Configuration.default do |config|
 frame_src: %w('self'),
 connect_src: %w('self'),
 font_src: %w('self'),
- img_src: %w('self' www.gravatar.com secure.gravatar.com),
+ img_src: %w('self' www.gravatar.com secure.gravatar.com https:),
 media_src: %w('none'),
 object_src: %w('none'),
 script_src: %w('unsafe-inline' 'self' maxcdn.bootstrapcdn.com), |
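Review bot: The bare `https:` scheme source on the new `img_src` line allows images from every HTTPS origin, so the directive no longer limits where image requests can go and the two gravatar entries only matter for non-HTTPS page loads. Any externally hosted image in rendered content will now be fetched directly by the viewer's browser, which exposes the viewer's IP address and user agent to that host and removes `img-src` as a control on image-based beaconing. If that trade-off is intended, as the commit title suggests, it should be recorded next to the setting, for example `# https: deliberately allows user-referenced images from any TLS origin; img-src is not an allowlist here`. Fetching external images through a server-side image proxy would let the policy stay host-restricted. The `SecureHeaders::Configuration.default` block starts and ends outside this hunk, so other directives were not reviewed.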