Preview thumbnail of attached image file is not shown in UI

The URL is correct but it is blocked by Content-Security-Policy: The page’s settings blocked the loading of a resource

See

kinto/kinto/plugins/admin/views.py

Lines 30 to 40 in e8e55d1

    
           # Add Content-Security-Policy HTTP response header to protect against XSS: 
        
           # only allow from local domain: 
        
           allow_local_only = "; ".join( 
        
               ( 
        
                   "default-src 'self'", 
        
                   "img-src data: 'self'", 
        
                   "script-src 'self' 'unsafe-inline' 'unsafe-eval'", 
        
                   "style-src 'self' 'unsafe-inline'", 
        
               ) 
        
           ) 
        
           request.response.headers["Content-Security-Policy"] = allow_local_only

(could have opened this issue but used remote-settiungs

	# Add Content-Security-Policy HTTP response header to protect against XSS:
	# only allow from local domain:
	allow_local_only = "; ".join(
	(
	"default-src 'self'",
	"img-src data: 'self'",
	"script-src 'self' 'unsafe-inline' 'unsafe-eval'",
	"style-src 'self' 'unsafe-inline'",
	)
	)
	request.response.headers["Content-Security-Policy"] = allow_local_only