From 60d4ccb02c8d7d9464624a6e69c09a85f93fe83a Mon Sep 17 00:00:00 2001 From: rugk Date: Sun, 1 Jul 2018 14:59:24 +0200 Subject: [PATCH] Add comment about blocked images Fixes https://github.com/PrivateBin/PrivateBin/issues/275 --- cfg/conf.sample.php | 1 + 1 file changed, 1 insertion(+) diff --git a/cfg/conf.sample.php b/cfg/conf.sample.php index 0f71c87d..959c1a04 100644 --- a/cfg/conf.sample.php +++ b/cfg/conf.sample.php @@ -69,6 +69,7 @@ languageselection = false ; scripts or run your site behind certain DDoS-protection services. ; Check the documentation at https://content-security-policy.com/ ; Note: If you use a bootstrap theme, you can remove the allow-popups from the sandbox restrictions. +; By default this disallows to load images from third-party servers, e.g. when they are embedded in pastes. If you wish to allow that, you can adjust the policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images for details. ; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; media-src data:; object-src data:; Referrer-Policy: 'no-referrer'; sandbox allow-same-origin allow-scripts allow-forms allow-popups" ; stay compatible with PrivateBin Alpha 0.19, less secure