From 91331d9133a31e36a66368ef61ca2b09e8532e5d Mon Sep 17 00:00:00 2001
From: kyranjamie <kyran.burraston@gmail.com>
Date: Fri, 29 Oct 2021 16:11:07 +0200
Subject: [PATCH] fix(csp): external images broken

This change fixes an issue with the Content Secruity Policy, where
images are incorrectly blocked, preventing apps from being able to
set their logo on the connect account screen
---
 scripts/generate-manifest.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/generate-manifest.js b/scripts/generate-manifest.js
index ed0ee248..b24a42e4 100644
--- a/scripts/generate-manifest.js
+++ b/scripts/generate-manifest.js
@@ -68,7 +68,7 @@ const name = PREVIEW_RELEASE ? 'Hiro Wallet Preview' : 'Hiro Wallet';
 const prodManifest = {
   name,
   content_security_policy:
-    "default-src 'none'; connect-src *; style-src 'unsafe-inline'; script-src 'self'; object-src 'none'; frame-src 'none'; frame-ancestors 'none';",
+    "default-src 'none'; connect-src *; style-src 'unsafe-inline'; img-src 'self' https:; script-src 'self'; object-src 'none'; frame-src 'none'; frame-ancestors 'none';",
   icons: generateImageAssetUrlsWithSuffix(PREVIEW_RELEASE ? '-preview' : ''),
   browser_action: {
     default_icon: `assets/connect-logo/Stacks128w${PREVIEW_RELEASE ? '-preview' : ''}.png`,