You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
👋 Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can.
Debug mode
Describe the bug
on Http/Middleware/SecurityHeaders.php line 91
$csp_policy[] = "img-src 'self' data: ".config('app.url').' '.config('app.additional_csp_urls').' '.env('PUBLIC_AWS_URL').' https://secure.gravatar.com https://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com';
is missing the google workspace url lh3.googleusercontent.com
adding *.googleusercontent.com solve the problem
Another problem is in Edit profile, if you have a google workspace avatar the URL generated is
https://snipeit.url.com/uploads/avatars/https://lh3.googleusercontent.com/a/data
Reproduction steps
...
Expected behavior
Open the avatar
Screenshots
No response
Snipe-IT Version
v7.0.10
Operating System
docker
Web Server
snipe/snipe-it:v7.0.10
PHP Version
8.1.2-1ubuntu2.18
Operating System
No response
Browser
No response
Version
No response
Device
No response
Operating System
No response
Browser
No response
Version
No response
Error messages
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: