Answer the question
In order to leave comments, you need to log in
S
S
ShadowTrix2021-02-19 22:03:39
ShadowTrix, 2021-02-19 22:03:39
Content-Security-Policy: Getting images from HTTP?
Site on https.
The nginx config for Content-Security-Policy is set to:
add_header Content-Security-Policy "default-src * data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; base-uri 'self'; form-action 'self'; img-src *;";When inserting an image from a third-party resource that uses the http:// protocol, browsers give the following error:
Mixed Content: The page at 'https://my.site' was loaded over HTTPS, but requested an insecure element 'http://nemoy.site/image.jpg'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.htmlForced disabling https only in the browser settings helps, but I would like to solve this problem at the server level.
I thought that it
img-src *should allow embedding images from any sites, but this is not the case for browsers with the latest versions. I hope for the help of the experienced.
Thanks for answers.
Similar questions
C
N
S
A
M
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question