csp_policy do not include google workspace url lh3.googleusercontent.com #15238
Comments
|
👋 Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can. |
|
You should be able to add that to |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Debug mode
Describe the bug
on Http/Middleware/SecurityHeaders.php line 91
$csp_policy[] = "img-src 'self' data: ".config('app.url').' '.config('app.additional_csp_urls').' '.env('PUBLIC_AWS_URL').' https://secure.gravatar.com https://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com';is missing the google workspace url lh3.googleusercontent.com
adding *.googleusercontent.com solve the problem
Another problem is in Edit profile, if you have a google workspace avatar the URL generated is
https://snipeit.url.com/uploads/avatars/https://lh3.googleusercontent.com/a/data
Reproduction steps
...
Expected behavior
Open the avatar
Screenshots
No response
Snipe-IT Version
v7.0.10
Operating System
docker
Web Server
snipe/snipe-it:v7.0.10
PHP Version
8.1.2-1ubuntu2.18
Operating System
No response
Browser
No response
Version
No response
Device
No response
Operating System
No response
Browser
No response
Version
No response
Error messages
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: