Radish alpha
r
radicle-desktop
rad:z4D5UCArafTzTQpDZNQRuqswh3ury
Radicle desktop app
Radicle
Git
Patches 3871367e
Remove localhost attribute in the `img-src` CSP directive
Merged did:key:z6MkkfM3...sVz5 opened 1 year ago

By restricting img-src in our CSP, we weren’t allowing images from e.g. https://github.com like CI badges to display.

We can eventually look at it again in the future but I think users will try to embed pictures from lots of places in their comments, descriptions, etc.

Activity Changes +1 -1
1 file changed +1 -1 9632d61d 5dd75959
modified crates/radicle-tauri/tauri.conf.json
@@ -21,7 +21,7 @@
      "csp": {

        "default-src": "'self'",

        "connect-src": "ipc: http://ipc.localhost",
- 
        "img-src": "'self' asset: http://asset.localhost blob: data:",
+ 
        "img-src": "'self' blob: data: https:",

        "style-src": "'unsafe-inline' 'self'"

      },

      "pattern": {