diff --git a/backend/internal/middleware/csp_middleware.go b/backend/internal/middleware/csp_middleware.go
index 3ddd71f9..b39b13f1 100644
--- a/backend/internal/middleware/csp_middleware.go
+++ b/backend/internal/middleware/csp_middleware.go
@@ -34,7 +34,7 @@ func (m *CspMiddleware) Add() gin.HandlerFunc {
 "object-src 'none'; " +
 "frame-ancestors 'none'; " +
 "form-action 'self'; " +
- "img-src 'self' data: blob:; " +
+ "img-src * blob:;" +
 "font-src 'self'; " +
 "style-src 'self' 'unsafe-inline'; " +
 "script-src 'self' 'nonce-" + nonce + "'"
diff --git a/frontend/src/lib/components/form/profile-picture-settings.svelte b/frontend/src/lib/components/form/profile-picture-settings.svelte
index 4ac8d44e..940a31a3 100644
--- a/frontend/src/lib/components/form/profile-picture-settings.svelte
+++ b/frontend/src/lib/components/form/profile-picture-settings.svelte
@@ -35,12 +35,7 @@
 isLoading = true;
- const reader = new FileReader();
- reader.onload = (event) => {
- imageDataURL = event.target?.result as string;
- };
- reader.readAsDataURL(file);
-
+ imageDataURL = URL.createObjectURL(file);
 await updateCallback(file).catch(() => {
 imageDataURL = cachedProfilePicture.getUrl(userId);
 });
diff --git a/frontend/src/routes/settings/admin/application-configuration/application-image.svelte b/frontend/src/routes/settings/admin/application-configuration/application-image.svelte
index 26e88790..a7b050ef 100644
--- a/frontend/src/routes/settings/admin/application-configuration/application-image.svelte
+++ b/frontend/src/routes/settings/admin/application-configuration/application-image.svelte
@@ -31,12 +31,7 @@
 if (!file) return;
 image = file;
-
- const reader = new FileReader();
- reader.onload = (event) => {
- imageDataURL = event.target?.result as string;
- };
- reader.readAsDataURL(file);
+ imageDataURL = URL.createObjectURL(file);
 }
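Review bot: `img-src * blob:` in the CSP string lets pages of this service load images from any http(s) origin, which removes img-src as a containment layer: markup that slips past output encoding could then send data out through image URLs, and every externally hosted image exposes the viewer's IP address and request timing to that host. If the wildcard is only there for remotely hosted logos (an inference from the `logoUrl` field in oidc-client-form.svelte), `"img-src 'self' https: blob:; " +` keeps that working without plain-HTTP loads, and fetching such images through the backend would allow returning to `'self' blob:`. Dropping `data:` matches the switch to object URLs in the Svelte files, but any remaining `data:` image elsewhere in the UI will now be blocked, so that is worth a check. The new literal also lacks the trailing space after `;` that the neighbouring directives have; the header still parses, it is only inconsistent. The body of Add() starts and ends outside this hunk.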
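Review bot: The object URL assigned by `imageDataURL = URL.createObjectURL(file);` is never released, so each newly selected file keeps its Blob alive until the page is unloaded, and the `.catch` branch overwrites the value without revoking it. Revoke the previous preview before assigning, e.g. `if (imageDataURL?.startsWith('blob:')) URL.revokeObjectURL(imageDataURL);`, and do the same in the catch branch and when the component is destroyed. The same applies to the `URL.createObjectURL` lines in application-image.svelte (`imageDataURL`) and oidc-client-form.svelte (`logoDataURL`). Those variables now hold blob URLs rather than data URLs, so a rename such as `imagePreviewURL` would avoid misleading readers. The enclosing handler starts outside this hunk.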
diff --git a/frontend/src/routes/settings/admin/oidc-clients/oidc-client-form.svelte b/frontend/src/routes/settings/admin/oidc-clients/oidc-client-form.svelte
index 7ac871a1..e5c2dd69 100644
--- a/frontend/src/routes/settings/admin/oidc-clients/oidc-client-form.svelte
+++ b/frontend/src/routes/settings/admin/oidc-clients/oidc-client-form.svelte
@@ -115,9 +115,7 @@
 } else {
 logo = input;
 $inputs.logoUrl && ($inputs.logoUrl.value = '');
- const reader = new FileReader();
- reader.onload = (event) => (logoDataURL = event.target?.result as string);
- reader.readAsDataURL(input);
+ logoDataURL = URL.createObjectURL(input);
 }
 }