X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/e3ed9988ce5f57ed303326072f7f583b641e8774..da80a7bd08ce0c96529cef1ffdd9adce1c0374f0:/config/initializers/secure_headers.rb

diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 54702a399..78e9fee37 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -7,7 +7,7 @@ csp_policy = {
   :form_action => %w['self'],
   :frame_ancestors => %w['self'],
   :frame_src => %w['self'],
-  :img_src => %w['self' data: www.gravatar.com *.wp.com *.tile.openstreetmap.org *.tile.thunderforest.com *.openstreetmap.fr],
+  :img_src => %w['self' data: www.gravatar.com *.wp.com tile.openstreetmap.org *.tile.openstreetmap.org *.tile.thunderforest.com *.openstreetmap.fr],
   :manifest_src => %w['self'],
   :media_src => %w['none'],
   :object_src => %w['self'],
@@ -21,6 +21,9 @@ csp_policy = {
 csp_policy[:connect_src] << PIWIK["location"] if defined?(PIWIK)
 csp_policy[:img_src] << PIWIK["location"] if defined?(PIWIK)
 csp_policy[:script_src] << PIWIK["location"] if defined?(PIWIK)
+
+csp_policy[:img_src] << Settings.storage_url if Settings.key?(:storage_url)
+
 csp_policy[:report_uri] << Settings.csp_report_url if Settings.key?(:csp_report_url)
 
 cookie_policy = {