'Refused to load the image '<URL>' because it violates the following Content Security Policy directive: "img-src 'self' data:"
after i uploaded my website on herokuy the images do not working and it gave me that error
Refused to load the image '' because it violates the following Content Security Policy directive: "img-src 'self' data:".
i have tried somethings like
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; font-src data:" />
that but it does not work also
Solution 1:[1]
This disables the contentSecurityPolicy middleware but keeps the rest:
app.use(
helmet({
contentSecurityPolicy: false,
})
);
Solution 2:[2]
Better practice instead of setting contentSecurityPolicy to false which should be the most last option. Using the Helmet documentation helps alot. I used this in my app and it solves the issue very well. My app is hosted here. Checkout my source code here.
app.use(
helmet.contentSecurityPolicy({
useDefaults: true,
directives: {
"img-src": ["'self'", "https: data:"]
}
})
)
Solution 3:[3]
app.use(helmet({ crossOriginEmbedderPolicy: false, originAgentCluster: true }));
app.use(
helmet.contentSecurityPolicy({
useDefaults: true,
directives: {
"img-src": ["'self'", "https: data: blob:"],
},
})
);
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Tracer69 |
| Solution 2 | Charleskimani |
| Solution 3 | ebed meleck |