Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve experience by automatically appending favicon domain to content_security_policy config #1890

Open
HeySora opened this issue Jan 14, 2025 · 1 comment · May be fixed by #1891
Open

Improve experience by automatically appending favicon domain to content_security_policy config #1890

HeySora opened this issue Jan 14, 2025 · 1 comment · May be fixed by #1891

Comments

@HeySora
Copy link

HeySora commented Jan 14, 2025

Context: Assume a situation where a favicon coming from another domain (or subdomain) is used, as so:
image

By default, the favicon will not work, because of a Content-Security-Policy error:
image

Of course, an evident workaround is to manually add img-src other-website.com in the security.content_security_policy value, in the Config. But that additional step can confuse people.

So, I wonder if snappymail could automatically add the domain where the favicon is under as an allowed img-src automatically.
@HeySora HeySora linked a pull request Jan 14, 2025 that will close this issue
Open
@HeySora
Copy link
Author

HeySora commented Jan 14, 2025

I ended up opening a PR at #1891 to solve that issue and improve the experience for everyone :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Automatically add favicon host to CSP if present HeySora/snappymail
1 participant
@HeySora