diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/security_headers.hpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/security_headers.hpp b/include/security_headers.hpp index 236b367fac..9af494d21b 100644 --- a/include/security_headers.hpp +++ b/include/security_headers.hpp @@ -82,7 +82,7 @@ inline void addSecurityHeaders(const crow::Request& req [[maybe_unused]], // If XSS is disabled, we need to allow loading from addresses other // than self, as the BMC will be hosted elsewhere. res.addHeader("Content-Security-Policy", "default-src 'none'; " - "img-src *; " + "img-src * data:; " "font-src *; " "style-src *; " "script-src *; " |