Re: Inline images not working

Posted: 05 Sep 2024, 18:25
by acoder2020
These may be relevant:

MantisBT Formatting 2.26.1
MarkDown Editor 0.3

Re: Inline images not working

Posted: 05 Sep 2024, 18:32
by cas
Yep, it is the markdown editor, so you need to go here for support: https://github.com/ejyothi/MantisBT-MarkDownEditor

Re: Inline images not working

Posted: 09 Sep 2024, 13:35
by acoder2020

Re: Inline images not working

Posted: 01 Mar 2025, 06:11
by raspopov
acoder2020 wrote: Wait, discovered the problem:
Refused to load the image 'https://example.com/blahlbhalbh.jpg' because it violates the following Content Security Policy directive: "img-src 'self' 'self' data:".

For example, you will need to create a mini-plugin with the following set of sufficient methods:

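Code:

	function hooks() {
		// Run csp_headers() on the EVENT_CORE_HEADERS event.
		return [ 'EVENT_CORE_HEADERS' => 'csp_headers' ];
	}
	function csp_headers() {
		// Add the external image host to the img-src CSP directive.
		http_csp_add( 'img-src', 'https://example.com/' );
	}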

Re: Inline images not working

Posted: 21 May 2025, 09:11
by castris
On version 2.27.0 with the markdown plugin there is also the same problem

Code:

Refused to load the image 'https://external-domain.com/path/image.jpg' because it violates the following Content Security Policy directive: "img-src 'self' data:".

Solution


Edit your `config_inc.php` file and add one of these configurations:

Option 1: Allow specific domain(s)

Code:

// Add to config_inc.php
$g_custom_headers = array(
    'Content-Security-Policy: default-src \'self\'; img-src \'self\' data: https://your-domain.com; script-src \'self\' \'unsafe-inline\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-ancestors \'self\';'
);

For multiple domains:

Code:

// Add to config_inc.php
$g_custom_headers = array(
    'Content-Security-Policy: default-src \'self\'; img-src \'self\' data: https://domain1.com https://domain2.com; script-src \'self\' \'unsafe-inline\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-ancestors \'self\';'
);

Option 2: Allow all external domains (less secure)

Code:

// Add to config_inc.php
$g_custom_headers = array(
    'Content-Security-Policy: default-src \'self\'; img-src * data:; script-src \'self\' \'unsafe-inline\' \'unsafe-eval\'; style-src \'self\' \'unsafe-inline\'; frame-ancestors \'self\';'
);

Save the file and reload MantisBT in your browser.

You can also read this in Spanish: Solución a problemas de carga de imágenes externas en MantisBT

Best regards
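
To check which image URLs a candidate img-src value lets through before putting it in config_inc.php, here is an added example (not from any poster in this thread and not MantisBT code) that evaluates a URL against a policy string. It is a simplified model: it handles 'self', 'none', *, scheme sources such as data:, and scheme://host[/path] sources, and does not model wildcard hosts or scheme upgrades. The origin https://mantis.example and all function names are assumptions.

```javascript
// Added example (not MantisBT code): simplified CSP img-src evaluation.
function imgSources(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, values);
  }
  // img-src falls back to default-src; null means images are unrestricted.
  return directives.get('img-src') ?? directives.get('default-src') ?? null;
}

function sourceMatches(source, url, pageOrigin) {
  const src = source.toLowerCase();
  if (src === "'none'") return false;
  if (src === "'self'") return url.origin === pageOrigin;
  // '*' covers http(s) only, so data: has to be listed separately.
  if (src === '*') return ['http:', 'https:'].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return url.protocol === src; // scheme source
  let allowed;
  try { allowed = new URL(source); } catch { return false; }
  if (allowed.protocol !== url.protocol || allowed.host !== url.host) return false;
  // No path or "/" allows every path; a trailing "/" is a prefix; otherwise exact.
  const path = allowed.pathname;
  if (path === '/') return true;
  return path.endsWith('/') ? url.pathname.startsWith(path) : url.pathname === path;
}

function imageAllowed(policy, imageUrl, pageOrigin) {
  const sources = imgSources(policy);
  if (sources === null) return true;
  const url = new URL(imageUrl);
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}

// Constructed inputs: hypothetical tracker origin; policies shortened from the thread.
const PAGE = 'https://mantis.example';
const POLICIES = {
  stock: "default-src 'self'; img-src 'self' data:",
  option1: "default-src 'self'; img-src 'self' data: https://your-domain.com",
  option2: "default-src 'self'; img-src * data:",
};
for (const [name, policy] of Object.entries(POLICIES)) {
  const ok = imageAllowed(policy, 'https://external-domain.com/path/image.jpg', PAGE);
  console.log(`${name}: external image ${ok ? 'allowed' : 'blocked'}`);
}
```

Under Option 1 only the listed host loads, while Option 2 lets any http(s) host serve images into issue pages.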