Reputation: 37
I have an express app which is loading some external assets, but they're getting blocked by CSP. I've never had this issue before, but this is the first time I'm using passport.js and helmet.js within an app, so maybe this has something to do with their configuration?
Refused to load the image 'https://fake-url.com' because it violates the following Content Security Policy directive: "img-src 'self' data:".
I've tried adding a meta tag to allow images from external sources but this seems to have no effect. Any help would be appreciated.
Upvotes: 0
Views: 2757
Reputation: 422
You have
content="default-src 'none'
This prevents loading resources from any source. Remove it.
Then change it to:
default-src 'self' fake-url.com;
More info about the HTTP Content-Security-Policy response header below:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
https://content-security-policy.com/
Upvotes: 1
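Added example, not part of the original posts: a simplified model of how a browser combines several policies, showing why a `<meta>` policy cannot re-allow an image that the response header's `img-src 'self' data:` already blocks. The page origin, image path and `FIXED_HEADER` value are constructed, and source matching is reduced to the cases needed here (an assumption, not the full CSP algorithm).

```javascript
// Parse a policy string into { directive: [sources] }; the first occurrence of a directive wins.
function parsePolicy(text) {
  const directives = Object.create(null);
  for (const part of text.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in directives)) directives[key] = sources;
  }
  return directives;
}

// Simplified source matching: 'none', 'self', *, scheme-source and host-source only.
function sourceMatches(source, url, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return url.origin === pageOrigin;
  if (s === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // e.g. data:
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);    // e.g. https://host
  if (!m) return false;
  const [, scheme, host] = m;
  if (scheme && url.protocol !== scheme + ':') return false;
  if (host.startsWith('*.')) return url.hostname.endsWith(host.slice(1));
  return url.hostname === host;
}

// img-src falls back to default-src; a policy with neither does not restrict images.
function policyAllowsImage(policyText, imageUrl, pageOrigin) {
  const d = parsePolicy(policyText);
  const sources = d['img-src'] || d['default-src'];
  if (!sources) return true;
  const url = new URL(imageUrl);
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}

// Every policy delivered for the page (header and <meta>) must allow the load.
function imageAllowed(policies, imageUrl, pageOrigin) {
  return policies.every((p) => policyAllowsImage(p, imageUrl, pageOrigin));
}

// Constructed sample values; HEADER is the directive quoted in the error message.
const PAGE = 'http://localhost:3000';
const IMG = 'https://fake-url.com/logo.png';
const HEADER = "img-src 'self' data:";
const META = "default-src 'self' fake-url.com";
const FIXED_HEADER = "img-src 'self' data: https://fake-url.com";

console.log(imageAllowed([HEADER, META], IMG, PAGE));       // header still blocks
console.log(imageAllowed([FIXED_HEADER, META], IMG, PAGE)); // both policies allow
```

In an app using helmet, the header's directives are set through the `directives` option of `helmet.contentSecurityPolicy`, so the allowed image host goes there (as `imgSrc`) rather than in a meta tag.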