From e5d6f33378c302bc65b5637dfeff9d5a852647d5 Mon Sep 17 00:00:00 2001
From: Connor Shea
Date: Mon, 20 Jun 2016 15:53:17 -0600
Subject: [PATCH] Update image policy to allow external images over HTTPS.
---
 config/initializers/secure_headers.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/initializers/secure_headers.rb b/config/initializers/secure_headers.rb
index 075a5fc1876..3788dbf9473 100644
--- a/config/initializers/secure_headers.rb
+++ b/config/initializers/secure_headers.rb
@@ -22,7 +22,7 @@ SecureHeaders::Configuration.default do |config|
 frame_src: %w('self'),
 connect_src: %w('self'),
 font_src: %w('self'),
- img_src: %w('self' www.gravatar.com secure.gravatar.com),
+ img_src: %w('self' www.gravatar.com secure.gravatar.com https:),
 media_src: %w('none'),
 object_src: %w('none'),
 script_src: %w('unsafe-inline' 'self' maxcdn.bootstrapcdn.com),
--
GitLab
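Review bot: The `https:` scheme-source added to `img_src` permits image loads from every HTTPS origin, so the directive no longer restricts where the browser may send image requests, and the two gravatar hosts become redundant on HTTPS pages. This matters more because `script_src` in the same hunk still carries `'unsafe-inline'`: with an open image policy the CSP no longer contains outbound requests caused by injected markup, and every external image exposes the viewer's IP address and request headers to the image host. If external images are a product requirement (presumably for user-supplied content), I would record that next to the entry, e.g. `# 'https:' allows images from any HTTPS origin; tighten to a host list if external images are later served through a proxy`, and consider proxying external images so the list can stay host-based. The `SecureHeaders::Configuration.default` block starts and ends outside the hunk, so whether this policy is enforced or report-only is not visible here.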