diff options
-rw-r--r-- | config/initializers/secure_headers.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb index 075a5fc1876..3788dbf9473 100644 --- a/config/initializers/secure_headers.rb +++ b/config/initializers/secure_headers.rb @@ -22,7 +22,7 @@ SecureHeaders::Configuration.default do |config| frame_src: %w('self'), connect_src: %w('self'), font_src: %w('self'), - img_src: %w('self' www.gravatar.com secure.gravatar.com), + img_src: %w('self' www.gravatar.com secure.gravatar.com https:), media_src: %w('none'), object_src: %w('none'), script_src: %w('unsafe-inline' 'self' maxcdn.bootstrapcdn.com), |