External resources are blocked by Content Security Policy 🤔 ?

[amirhouieh]

After the new deployment, some of the external resources get blocked apparently due to CSP.

@serhanwbahar could you please look into this?

[serhanwbahar]

I can see the blocked external resources:

Refused to load the image '<URL>' because it violates the following Content Security Policy directive: "img-src 'self' *.status.im data:".
Refused to load the image 'https://img.shields.io/badge/License-Apache%202.0-blue.svg' because it violates the following Content Security Policy directive: "img-src 'self' *.status.im data:".
Refused to load the image 'https://img.shields.io/badge/License-MIT-blue.svg' because it violates the following Content Security Policy directive: "img-src 'self' *.status.im data:".
Refused to load the image 'https://img.shields.io/badge/stability-experimental-orange.svg' because it violates the following Content Security Policy directive: "img-src 'self' *.status.im data:".
Refused to load the image 'https://github.com/status-im/nim-codex/actions/workflows/ci.yml/badge.svg?branch=main' because it violates the following Content Security Policy directive: "img-src 'self' *.status.im data:".
Refused to load the image 'https://codecov.io/gh/status-im/nim-codex/branch/main/graph/badge.svg?token=XFmCyPSNzW' because it violates the following Content Security Policy directive: "img-src 'self' *.status.im data:".
Refused to load the image 'https://img.shields.io/discord/895609329053474826' because it violates the following Content Security Policy directive: "img-src 'self' *.status.im data:".

I need to add CSP to here and create a PR: https://github.com/status-im/infra-misc/blob/87e81a44ec97e2398be8bdb02d97b4563ff767ce/ansible/group_vars/sites.yml#L177

[serhanwbahar]

Fixed.

• https://github.com/status-im/infra-misc/pull/128