@sgiehl opened this Pull Request on October 25th 2021 Member

Description:

When viewing the admin page, which contains a widget showing details on new plugins, or when opening the plugin details of a plugin, there is currently a CSP report shown:

[Report Only] Refused to load the image 'https://plugins.matomo.org/RerUserDates/images/4.0.1/RerUserDates-cal.png?w=400' because it violates the following Content Security Policy directive: "img-src 'self' 'unsafe-inline' 'unsafe-eval' data:".

To avoid this, I've added *.matomo.org to img-src.

In addition, premium plugins are loading the reviews from shop.matomo.org. This would also fail in the future, so I added *.matomo.org to default-src as well.

refs #17923
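An added example, not part of the original pull request or Matomo's code: a simplified CSP source-list matcher showing why the reported image is refused under the old img-src and allowed once *.matomo.org is added, and that the wildcard does not cover the apex host. The `after` policy string, the page origin and the function names are assumptions made for illustration; only https resources and host sources without scheme, port or path are handled.

```javascript
// Added example: simplified CSP source-list matching, limited to the
// expression kinds seen in this PR ('self', scheme sources, host sources).
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources); // first occurrence wins
    }
  }
  return directives;
}

function hostMatches(pattern, host) {
  pattern = pattern.toLowerCase();
  host = host.toLowerCase();
  // "*.example.org" matches any subdomain, but not the apex "example.org".
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

// pageOrigin is the origin of the page carrying the policy.
function imageAllowed(policy, pageOrigin, resourceUrl) {
  const directives = parsePolicy(policy);
  // img-src falls back to default-src when it is absent.
  const sources = directives.get('img-src') ?? directives.get('default-src');
  if (sources === undefined) return true; // no governing directive
  const url = new URL(resourceUrl);
  return sources.some((src) => {
    if (src === "'self'") return url.origin === pageOrigin;
    if (src.startsWith("'")) return false; // other keywords never match a URL
    if (src.endsWith(':')) return url.protocol === src.toLowerCase();
    // Assumption: scheme-less host source, https resource.
    return url.protocol === 'https:' && hostMatches(src, url.hostname);
  });
}

// Directive text taken from the CSP report quoted in the description.
const before = "img-src 'self' 'unsafe-inline' 'unsafe-eval' data:";
const after = before + ' *.matomo.org'; // constructed from the description
const pageOrigin = 'https://analytics.example.com'; // constructed
const img = 'https://plugins.matomo.org/RerUserDates/images/4.0.1/RerUserDates-cal.png?w=400';

console.log(imageAllowed(before, pageOrigin, img)); // false
console.log(imageAllowed(after, pageOrigin, img)); // true
console.log(imageAllowed(after, pageOrigin, 'https://matomo.org/logo.png')); // false
```
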

Review

@tsteur commented on October 27th 2021 Member

works 👍

This Pull Request was closed on October 27th 2021