We have installed the TinyMCE plugin that replaces the markdown Rich Text editor. It appears to be working as an editor however it’s caused all uploaded images in the CMS admin to not load.
this is the following error message:
Refused to load the image '<URL>' because it violates the following Content Security Policy directive: "img-src 'self' *.tinymce.com *.tiny.cloud data: blob: dl.airtable.com strapi.io s3.amazonaws.com cdn.jsdelivr.net luminous-treasure-xxx.strapiapp.com"
And here is our middlewares.js file:
module.exports = [ "strapi::logger", "strapi::errors", "strapi::cors", "strapi::poweredBy", "strapi::query", "strapi::body", "strapi::session", "strapi::favicon", "strapi::public", { name: "strapi::security", config: { contentSecurityPolicy: { useDefaults: true, directives: { "script-src": ["'self'", "*.tinymce.com", "*.tiny.cloud", "https:"], "connect-src": [ "'self'", "*.tinymce.com", "*.tiny.cloud", "blob:", "*.strapi.io", ], "img-src": [ "'self'", "*.tinymce.com", "*.tiny.cloud", "data:", "blob:", "dl.airtable.com", "strapi.io", "s3.amazonaws.com", "cdn.jsdelivr.net", "luminous-treasure-xxx.strapiapp.com", "localhost:1337", ], "style-src": [ "'self'", "'unsafe-inline'", "*.tinymce.com", "*.tiny.cloud", ], "font-src": ["'self'", "*.tinymce.com", "*.tiny.cloud"], }, upgradeInsecureRequests: null, }, }, }, ];
We’ve added the domains we thought would be required but with no luck.
Any pointers would be much appreciated
Thanks
This topic has been created from a Discord post (1219978631141658624) to give it more visibility.
It will be on Read-Only mode here.
Join the conversation on Discord