CSP img-src issue
306
1
04-28-2023 06:55 AM
by
Hi there
I am using API v4.25 and want to optimize the Content Security Policy headers.
In the img-src directive I currently use data: attribute. Our security team told us to remove this attribute. After that, the map still works but I get the following error in the console:
What is this SVG image used for? Is there a way to remove the error without having the data: attribute included in img-src?
Thanks in advance.
by
Hi there
Is there any update on this? The issue is still there in v4.28.
I also get errors when I remove blob: entry from worker-src directive but the map itself still works:
