Content Security Policy with blob and data

Hi all!

I have security headers and content security policy configured in a separate middlewares.yml file which is working perfectly fine.
For one of my services I now need blob as well as data for img-src, like I found online:
"img-src 'self' blob: data:;"
The problem is that in the Traefik config it seems there can't be two entries with a colon.
Only data: is fine, only blob: is fine. Both won't work together, but I need both.

Does anybody have an idea?

Cheers,
Velaya

Hi all,

I almost forgot to answer this. I found a solution to my problem and am sharing it in case someone faces the same issues and searches for it in the future:
Instead of writing your contentSecurityPolicy in a single line you can do it like this:

        contentSecurityPolicy: >
          default-src 'self' 'unsafe-inline' 'unsafe-eval' *.mydomain.org;
          img-src 'self' blob: data:;
          font-src 'self';

The important part is the ">" after "contentSecurityPolicy:".
Not only does it greatly increase the readability of the elements, but blob: and data: now also work simultaneously.

Cheers,
Velaya

1 Like
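
The parsing difference behind the fix above, as an added example that is not part of the original posts: in YAML, a colon followed by a space inside an unquoted value starts a new mapping, so "blob: data:;" breaks a plain single-line value while "data:;" alone does not, and a folded (">") or double-quoted value is read literally. It assumes the failing line was unquoted; the fragments and helper names (csp_value, directives) are constructed for illustration and use Ruby's bundled YAML parser, not Traefik itself.

```ruby
require 'yaml'

# Constructed middleware fragments; only the CSP strings come from the thread.
PLAIN_DATA_ONLY = "contentSecurityPolicy: img-src 'self' data:;\n"
PLAIN_BOTH      = "contentSecurityPolicy: img-src 'self' blob: data:;\n"
QUOTED_BOTH     = %Q(contentSecurityPolicy: "img-src 'self' blob: data:;"\n)
FOLDED = <<~YAML
  contentSecurityPolicy: >
    default-src 'self' 'unsafe-inline' 'unsafe-eval' *.mydomain.org;
    img-src 'self' blob: data:;
    font-src 'self';
YAML

# Returns the parsed policy string, or nil when the YAML itself is invalid.
def csp_value(doc)
  YAML.safe_load(doc).fetch('contentSecurityPolicy')
rescue Psych::SyntaxError
  nil
end

# Splits a policy into { directive => [sources] } so the result can be checked
# before the header is deployed.
def directives(policy)
  policy.split(';').map(&:strip).reject(&:empty?).map do |directive|
    name, *sources = directive.split
    [name, sources]
  end.to_h
end

if __FILE__ == $PROGRAM_NAME
  { 'plain, data: only'   => PLAIN_DATA_ONLY,
    'plain, blob: data:'  => PLAIN_BOTH,
    'double-quoted'       => QUOTED_BOTH,
    'folded (>)'          => FOLDED }.each do |label, doc|
    value = csp_value(doc)
    puts "#{label}: #{value ? value.inspect : 'YAML syntax error'}"
  end
  # The folded value keeps one trailing newline; ">-" instead of ">" drops it.
  p directives(csp_value(FOLDED))
end
```

The folded form joins its lines with single spaces, so the policy arrives as one header value with all three directives intact.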
