Closed CamilaSolis closed 6 years ago
Hi, here are some examples that are typically needed for using Google Analytics, Amazon, Facebook, Twitter, etc:
```js
cspExtensions: {
  childSrc: [
    // Load iframes from social platforms
    'staticxx.facebook.com',
    'web.facebook.com',
    'www.facebook.com',
    'platform.twitter.com',
    'accounts.google.com',
  ],
  connectSrc: [],
  defaultSrc: [],
  // Load remote fonts
  fontSrc: ['fonts.googleapis.com/css', 'fonts.gstatic.com'],
  imgSrc: [
    // Google Analytics pixel
    'www.google-analytics.com',
    'ssl.google-analytics.com',
    // Facebook pixel
    'web.facebook.com',
    'www.facebook.com',
    'syndication.twitter.com',
    // Load images from amazon
    'my_bucket_name.s3.amazonaws.com',
    // Load blobs
    "'self' blob:",
  ],
  mediaSrc: ["'self' blob:"],
  manifestSrc: [],
  objectSrc: [],
  scriptSrc: [
    // Load script files from social, analytics, etc
    'cdn.polyfill.io',
    'cdnjs.cloudflare.com',
    'www.google-analytics.com',
    'www.google-analytics.com',
    'ssl.google-analytics.com',
    'www.google.com',
    'connect.facebook.net',
    'platform.twitter.com',
    'apis.google.com',
    'graph.facebook.com',
  ],
  styleSrc: [
    // Load css files from googleapis
    'fonts.googleapis.com/css',
    // Load styles from cloudflare.com
    'cdnjs.cloudflare.com',
  ],
},
```
It worked! Thank you very much
Hello! I am using the postcss-sass branch and I am trying to import a .svg image that I have uploaded to Amazon S3. Based on another issue that I saw, I placed this in server/middleware/security.js:
imgSrc: [ "'self'", 'data:',
But it shows me this error:
Refused to load the image 'https://s3-sa-east-1.amazonaws.com/vc-front-end/bg/map.svg' because it violates the following Content Security Policy directive: "img-src 'self' data: 0.0.0.0:7331".
And the image is not shown, please, I need help :(
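Why the browser refused the image, as an added example that is not part of the original thread: a simplified host-source matcher (not the full CSP matching algorithm) run against the policy and URL quoted in the error message. The function names, the page origin `http://0.0.0.0:7331` and the candidate entries in the demo are assumptions made for illustration.

```javascript
// Added example: simplified CSP source-list matching for one directive.
// Simplifications: a schemeless source accepts http and https only; no redirects.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

function sourceMatches(expr, url, selfOrigin) {
  const u = new URL(url);
  if (expr === "'self'") return u.origin === selfOrigin;
  // scheme-source such as data: or blob:
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) return u.protocol === expr.toLowerCase();
  // host-source: [scheme://][*.]host[:port][/path]
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::(\d+|\*))?(\/.*)?$/i.exec(expr);
  if (!m) return false;
  const [, scheme, wildcard, host, port, path] = m;
  if (scheme ? u.protocol !== scheme.toLowerCase() + ':' : !(u.protocol in DEFAULT_PORTS)) return false;
  const have = u.hostname.toLowerCase();
  const want = host.toLowerCase();
  if (wildcard ? !have.endsWith('.' + want) : have !== want) return false;
  // Without an explicit port, only the scheme's default port matches.
  const urlPort = u.port || DEFAULT_PORTS[u.protocol];
  if (port ? port !== '*' && port !== urlPort : urlPort !== DEFAULT_PORTS[u.protocol]) return false;
  // A path ending in "/" is a prefix match; any other path must match exactly.
  if (path) return path.endsWith('/') ? u.pathname.startsWith(path) : u.pathname === path;
  return true;
}

function imgAllowed(sources, url, selfOrigin) {
  return sources.some((s) => sourceMatches(s, url, selfOrigin));
}

// Policy and URL taken from the error message; SELF is an assumed page origin.
const SELF = 'http://0.0.0.0:7331';
const PAGE_POLICY = ["'self'", 'data:', '0.0.0.0:7331'];
const IMG = 'https://s3-sa-east-1.amazonaws.com/vc-front-end/bg/map.svg';

// Candidate img-src additions (constructed for the demo).
const CANDIDATES = [
  'vc-front-end.s3.amazonaws.com',             // virtual-hosted form: wrong host for this URL
  's3-sa-east-1.amazonaws.com',                // matches, but covers every bucket on that host
  's3-sa-east-1.amazonaws.com/vc-front-end/',  // matches, limited to this bucket's path
];

console.log('current policy:', imgAllowed(PAGE_POLICY, IMG, SELF));
for (const extra of CANDIDATES) {
  console.log(extra, '->', imgAllowed([...PAGE_POLICY, extra], IMG, SELF));
}
```

The URL in the error uses path-style S3 addressing, so the host the policy has to name is `s3-sa-east-1.amazonaws.com`, which is shared by every bucket on that endpoint; the entry with the trailing-slash path keeps the allowance to the one bucket.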