Inline images not working

acoder2020
Posts: 106
Joined: 11 Jan 2024, 19:32

Re: Inline images not working

Post by acoder2020 »

These may be relevant:

MantisBT Formatting 2.26.1
MarkDown Editor 0.3
cas
Posts: 1768
Joined: 11 Mar 2006, 16:08

Re: Inline images not working

Post by cas »

Yep, it is the markdown editor, so you need to go here for support: https://github.com/ejyothi/MantisBT-MarkDownEditor
raspopov
Posts: 8
Joined: 12 Dec 2024, 15:34

Re: Inline images not working

Post by raspopov »

acoder2020 wrote: Wait, discovered the problem:
Refused to load the image 'https://example.com/blahlbhalbh.jpg' because it violates the following Content Security Policy directive: "img-src 'self' 'self' data:".

For example, you will need to create a mini-plugin with the following set of sufficient methods:

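Code:

	# Register the callback that runs when MantisBT sends its HTTP headers.
	function hooks() {
		return [ 'EVENT_CORE_HEADERS' => 'csp_headers' ];
	}
	# Add the external image host to the img-src directive of the CSP header.
	function csp_headers() {
		http_csp_add( 'img-src', 'https://example.com/' );
	}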
castris
Posts: 7
Joined: 29 May 2023, 06:22

Re: Inline images not working

Post by castris »

On version 2.27.0 with the markdown plugin there is also the same problem:

Code:

Refused to load the image 'https://external-domain.com/path/image.jpg' because it violates the following Content Security Policy directive: "img-src 'self' data:".

Solution


Edit your `config_inc.php` file and add one of these configurations:

Option 1: Allow specific domain(s)

Code:

// Add to config_inc.php
$g_custom_headers = array(
    'Content-Security-Policy: default-src \'self\'; img-src \'self\' data: https://your-domain.com; script-src \'self\' \'unsafe-inline\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-ancestors \'self\';'
);
For multiple domains:

Code:

// Add to config_inc.php
$g_custom_headers = array(
    'Content-Security-Policy: default-src \'self\'; img-src \'self\' data: https://domain1.com https://domain2.com; script-src \'self\' \'unsafe-inline\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-ancestors \'self\';'
);
Option 2: Allow all external domains (less secure)

Code:

// Add to config_inc.php
$g_custom_headers = array(
    'Content-Security-Policy: default-src \'self\'; img-src * data:; script-src \'self\' \'unsafe-inline\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-ancestors \'self\';'
);
Save the file and reload MantisBT in your browser.

It can also be read in Spanish: Solución a problemas de carga de imágenes externas en MantisBT

Best regards
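
The img-src matching behind the error quoted in this thread, as an added JavaScript example that is not part of any post or of MantisBT: it checks an image URL against the reported directive and against the two `config_inc.php` policies above, and lists the source expressions that loosen each policy. `PAGE_ORIGIN` and the function names are assumptions, and the matcher is a simplified subset of CSP source matching.

```javascript
// Added example: simplified CSP source matching for image loads (not a full CSP Level 3 matcher).
// PAGE_ORIGIN is a constructed value standing in for the MantisBT site's own origin.
const PAGE_ORIGIN = 'https://mantis.example.org';
const REPORTED = "img-src 'self' data:"; // directive quoted in the browser error
const REST = "script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self';";
const OPTION1 = `default-src 'self'; img-src 'self' data: https://your-domain.com; ${REST}`;
const OPTION2 = `default-src 'self'; img-src * data:; ${REST}`;

// Parse a header value into { directive: [source, ...] }; a repeated directive is ignored.
function parseCsp(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !(name.toLowerCase() in directives)) directives[name.toLowerCase()] = sources;
  }
  return directives;
}
const effectivePort = (protocol, port) => port || (protocol === 'https:' ? '443' : '80');

// Does one source expression allow this URL?
function sourceAllows(source, url) {
  const s = source.toLowerCase();
  if (s === "'self'") return url.origin === PAGE_ORIGIN;
  // '*' covers network schemes only, which is why the policies list data: separately.
  if (s === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // scheme-source, e.g. data:
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:']+)(?::(\d+|\*))?(\/.*)?$/i.exec(source);
  if (!m) return false; // quoted keywords such as 'none' never match a URL
  const [, scheme, host, port, path] = m;
  const protocol = scheme ? scheme.toLowerCase() + ':' : new URL(PAGE_ORIGIN).protocol;
  if (url.protocol !== protocol) return false;
  const h = host.toLowerCase();
  if (h.startsWith('*.') ? !url.hostname.endsWith(h.slice(1)) : url.hostname !== h) return false;
  if (port !== '*' && effectivePort(protocol, port) !== effectivePort(url.protocol, url.port)) return false;
  // A path ending in "/" is a prefix match; any other path must match exactly.
  return !path || (path.endsWith('/') ? url.pathname.startsWith(path) : url.pathname === path);
}

// img-src governs images; default-src applies only when img-src is absent.
function imageAllowed(policy, imageUrl) {
  const d = parseCsp(policy), sources = d['img-src'] || d['default-src'];
  return !sources || sources.some((src) => sourceAllows(src, new URL(imageUrl)));
}

// List the source expressions that loosen a policy, for review before deployment.
function relaxations(policy) {
  return Object.entries(parseCsp(policy)).flatMap(([name, sources]) =>
    sources.filter((src) => src === '*' || /^'unsafe-(inline|eval)'$/i.test(src)).map((src) => `${name} ${src}`));
}
```
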