Refused to load the image '<URL>' because it violates the following Content Security Policy directive: "img-src 'self' data:"
Question
after i uploaded my website on herokuy the images do not working and it gave me that error
Refused to load the image '' because it violates the following Content Security Policy directive: "img-src 'self' data:".
i have tried somethings like
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; font-src data:" />
that but it does not work also
3 answers
solution1
2 2021-06-20 18:53:36
This disables the contentSecurityPolicy middleware but keeps the rest:
app.use(
helmet({
contentSecurityPolicy: false,
})
);
solution2
2 2022-05-21 13:33:36
app.use(helmet({ crossOriginEmbedderPolicy: false, originAgentCluster: true }));
app.use(
helmet.contentSecurityPolicy({
useDefaults: true,
directives: {
"img-src": ["'self'", "https: data: blob:"],
},
})
);
solution3
1 2021-12-31 13:02:55
Better practice instead of setting contentSecurityPolicy to false which should be the most last option. Using the Helmet documentation helps alot. I used this in my app and it solves the issue very well. My app is hosted here . Checkout my source code here .
app.use(
helmet.contentSecurityPolicy({
useDefaults: true,
directives: {
"img-src": ["'self'", "https: data:"]
}
})
)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.