fix(csp): external images broken

This change fixes an issue with the Content Secruity Policy, where images are incorrectly blocked, preventing apps from being able to set their logo on the connect account screen
2026-01-12 17:53:19 +08:00 · 2021-10-29 16:11:07 +02:00
parent f484c6a951
commit 91331d9133
1 changed files with 1 additions and 1 deletions
--- a/scripts/generate-manifest.js
+++ b/scripts/generate-manifest.js
@@ -68,7 +68,7 @@ const name = PREVIEW_RELEASE ? 'Hiro Wallet Preview' : 'Hiro Wallet';
 const prodManifest = {
  name,
  content_security_policy:
-    "default-src 'none'; connect-src *; style-src 'unsafe-inline'; script-src 'self'; object-src 'none'; frame-src 'none'; frame-ancestors 'none';",
+    "default-src 'none'; connect-src *; style-src 'unsafe-inline'; img-src 'self' https:; script-src 'self'; object-src 'none'; frame-src 'none'; frame-ancestors 'none';",
  icons: generateImageAssetUrlsWithSuffix(PREVIEW_RELEASE ? '-preview' : ''),
  browser_action: {
    default_icon: `assets/connect-logo/Stacks128w${PREVIEW_RELEASE ? '-preview' : ''}.png`,