GSA/touchpoints

Embedded flag icon breaks with CSP

okkays opened this issue · 2 comments

okkays commented

Hello - let me know if I should direct this report somewhere else 😄

Our application (DOJ CRT's Civil Rights Portal) has a content security policy that disallows data URIs for security reasons (we have to be conservative with our CSP 😅)

A recent change to the touchpoints footer flag image embeds it using a data URI which, in combination with that CSP, prevents browsers from loading the flag.

After some effort, I can't find a clean way to fix this from our side (especially given the content is generated dynamically).

So I was wondering - have you run into this with other customers / any suggestions as to how to fix this?

Thanks!

Hi @okkays,

The change has been reverted, and an image is loading again.
There are CSP changes that can be made on each website, and ideally, this will be revisited as an optional feature, along with CSP guidance.

okkays commented

Thanks for the quick fix - can confirm it's working! Sorry for the trouble
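
An added example, not part of the original thread and not Touchpoints or Civil Rights Portal code: a small check that an embedding site could run against its own `Content-Security-Policy` header to see whether an image delivered as a `data:` URI, like the footer flag described above, would load. The sample policies are constructed for illustration, and the function names are hypothetical.

```javascript
// Added example: constructed policies, not the Civil Rights Portal's real CSP.

// Parse a Content-Security-Policy header value into Map<directive, sources[]>.
function parseCsp(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first one wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Decide whether <img src="data:..."> would load under the given policy.
function imgDataUriVerdict(headerValue) {
  const directives = parseCsp(headerValue);
  // img-src governs images; default-src is the fallback when it is absent.
  const governing = directives.has("img-src") ? "img-src"
    : directives.has("default-src") ? "default-src"
    : null;
  // No governing directive means the policy does not restrict images.
  if (governing === null) return { allowed: true, governing };
  const sources = directives.get(governing).map((s) => s.toLowerCase());
  // Only an explicit data: scheme-source matches a data URI.
  // "*" covers network schemes such as https:, not data:.
  return { allowed: sources.includes("data:"), governing };
}

// Constructed sample policies, from conservative to permissive.
const SAMPLE_POLICIES = [
  "default-src 'self'",
  "default-src 'self'; img-src 'self' https://touchpoints.app.cloud.gov",
  "default-src 'self'; img-src *",
  "default-src 'self'; img-src 'self' data:",
];

function auditPolicies(policies) {
  return policies.map((policy) => ({ policy, ...imgDataUriVerdict(policy) }));
}

for (const r of auditPolicies(SAMPLE_POLICIES)) {
  const verdict = r.allowed ? "loads " : "blocked";
  console.log(`${verdict} (${r.governing ?? "no directive"}): ${r.policy}`);
}
```

Only the last sample policy lets the embedded image load; adding `data:` to `img-src` is the site-side change, and it widens what image sources the page accepts.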