Baroshem / nuxt-security

🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware
https://nuxt-security.vercel.app/
MIT License

Config for Cloudinary images #522

Open aligzl opened 4 days ago

aligzl commented 4 days ago

Hi, what is the correct configuration for Cloudinary images? I have tried the below but none of them worked.

  security: {
    headers: {
      crossOriginEmbedderPolicy: isDev ? 'unsafe-none' : 'require-corp',

      contentSecurityPolicy: {
        // 'img-src': false
        // 'img-src': ["'self'", 'data:', 'https://*.cloudinary.com'],
        // 'img-src': ["'self'", 'data:', 'https://res.cloudinary.com'],
      },
    },
  },

Thanks in advance

Baroshem commented 3 days ago

Hey there,

Good question. Try this :)

  security: {
    headers: {
      contentSecurityPolicy: {
        'img-src': [ "'self'", "data:", "https://*.cloudinary.com"]
      }
    },
  },

Tested on img element:

    <img src="https://cloudinary-marketing-res.cloudinary.com/image/upload/f_auto,q_auto/v1662679291/phone-image.png" />
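To see which of the `img-src` lists in this thread cover the tested image URL, here is a simplified CSP source matcher, added as an example and not taken from nuxt-security or from either commenter. `matchesSource`, `imgAllowed` and the `https://app.example` origin are hypothetical names; ports and paths in source expressions are not handled.

```javascript
// Added illustration: simplified CSP source-list matching for img-src.
// Covers 'self', scheme-sources (data:), and host-sources with a leading
// "*." wildcard. Ports and paths in source expressions are not handled.
function matchesSource(source, url, selfOrigin) {
  const target = new URL(url);
  if (source === "'self'") return target.origin === selfOrigin;
  // Scheme-source such as "data:" or "https:"
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) {
    return target.protocol === source.toLowerCase();
  }
  // Host-source: optional scheme, then a host (possibly "*.example.com")
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)$/i.exec(source);
  if (!m) return false;
  const scheme = (m[1] || new URL(selfOrigin).protocol.slice(0, -1)).toLowerCase();
  const urlScheme = target.protocol.slice(0, -1);
  // An http source also matches https URLs; an https source never matches http.
  const schemeOk = scheme === urlScheme || (scheme === 'http' && urlScheme === 'https');
  if (!schemeOk) return false;
  const pattern = m[2].toLowerCase();
  const host = target.hostname.toLowerCase();
  if (pattern.startsWith('*.')) {
    // "*.cloudinary.com" matches any subdomain but not the bare domain.
    return host.endsWith(pattern.slice(1));
  }
  return host === pattern;
}

function imgAllowed(imgSrc, url, selfOrigin) {
  return imgSrc.some((source) => matchesSource(source, url, selfOrigin));
}

// Constructed inputs: the origin is hypothetical, the lists and URL are from the thread.
const SELF_ORIGIN = 'https://app.example';
const WILDCARD = ["'self'", 'data:', 'https://*.cloudinary.com'];
const EXACT = ["'self'", 'data:', 'https://res.cloudinary.com'];
const PAGE_IMG = 'https://cloudinary-marketing-res.cloudinary.com/image/upload/f_auto,q_auto/v1662679291/phone-image.png';
console.log('wildcard list allows tested image:', imgAllowed(WILDCARD, PAGE_IMG, SELF_ORIGIN));
console.log('exact-host list allows tested image:', imgAllowed(EXACT, PAGE_IMG, SELF_ORIGIN));
```

A URL that passes `img-src` can still be blocked when `crossOriginEmbedderPolicy` is `'require-corp'`, as in the first snippet's non-dev branch, if the image response carries no `Cross-Origin-Resource-Policy` header and the `img` element has no `crossorigin` attribute.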