hi,
I am getting the warning below with my attachement preview
view.php:105 Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-fdt1I4ENZog++96txMxUGp5zEULTdhbSDdeEELK6SrY='), or a nonce ('nonce-...') is required to enable inline execution.
From what search onlineI need to put something as below into http_api.php but I not sure how. Please help.
Content-Security-Policy: default-src 'self'; script-src 'self' https://example.com 'sha256-base64 encoded hash'
Thank you
Content-Security-Policy
Moderators: Developer, Contributor
Re: Content-Security-Policy
i found the solution by updating the config_inc.php with the following but I cannot be sure if this will create CSP security risk
$g_custom_headers = array("Content-Security-Policy: img-src 'self';");
$g_custom_headers = array("Content-Security-Policy: img-src 'self';");
Re: Content-Security-Policy
[quote="kun9999"but I cannot be sure if this will create CSP security risk[/quote]It will introduce risk, as this replaces all other CSP headers.