Content-Security-Policy header for images from Google Cloud Storage

Hello,

We want to use the images from Google Cloud Storage on the website with a Content Security Policy (CSP) header. Our storage has a URL https://BUCKET_NAME.storage.googleapis.com/..., so we expected that the following CSP configuration would not block the images from it. But it is still blocked.
CSP: img-src https://BUCKET_NAME.storage.googleapis.com/

After some experiments we figured out that we could unblock images by using a URL template without a bucket name: “https://*.storage.googleapis.com/”. But this rule is not strict enough.

Maybe someone has experience with setting up the correct CSP configuration for the images from the specific bucket. I would be happy for any help.

2 REPLIES

Hi @anastasiiaspvl,

Welcome to Google Cloud Community!

As of the moment, here's a list of headers supported by Google Cloud Storage.

Also, a feature request was already filed and you may check it through this link.

Hope this helps.

For mine it's

https://storage.googleapis.com/bucket-name/folder-name/folder-name/filename

I dunno how to configure my content-security-policy properly, please help. Thanks.
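
An added example, not part of the thread or of any Google code: a simplified version of the CSP Level 3 host-source matching rules, applied to the two URL styles mentioned above (bucket as subdomain, and bucket as first path segment). The bucket names `example-bucket` and `other-bucket` and the file paths are constructed; ports, percent-encoding and redirects (after which the path part of a source is ignored) are not modelled.

```javascript
// Simplified CSP host-source matching for one img-src source expression.
function parseSource(expr) {
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^\/:]+)(\/.*)?$/i.exec(expr);
  if (!m) throw new Error("unsupported source expression: " + expr);
  return { scheme: m[1].toLowerCase(), host: m[2].toLowerCase(), path: m[3] || "" };
}

function hostMatches(pattern, host) {
  if (pattern.startsWith("*.")) {
    // "*.example.com" matches any subdomain, but not "example.com" itself.
    const suffix = pattern.slice(1);
    return host.endsWith(suffix) && host.length > suffix.length;
  }
  return pattern === host;
}

function pathMatches(sourcePath, urlPath) {
  if (sourcePath === "" || sourcePath === "/") return true;
  // A trailing "/" means prefix match; without it the path must match exactly.
  return sourcePath.endsWith("/") ? urlPath.startsWith(sourcePath) : urlPath === sourcePath;
}

function sourceAllows(expr, url) {
  const src = parseSource(expr);
  const u = new URL(url);
  const scheme = u.protocol.slice(0, -1);
  // An "http" source also matches https; an "https" source does not match http.
  const schemeOk = src.scheme === scheme || (src.scheme === "http" && scheme === "https");
  return schemeOk && hostMatches(src.host, u.hostname) && pathMatches(src.path, u.pathname);
}

// Constructed sample URLs in the two styles from the thread.
const SUBDOMAIN_URL = "https://example-bucket.storage.googleapis.com/img/logo.png";
const OTHER_BUCKET_URL = "https://other-bucket.storage.googleapis.com/img/logo.png";
const PATH_STYLE_URL = "https://storage.googleapis.com/bucket-name/folder-name/filename";

function demo() {
  const sources = [
    "https://example-bucket.storage.googleapis.com/",
    "https://*.storage.googleapis.com/",
    "https://storage.googleapis.com/bucket-name/",
    "https://storage.googleapis.com/bucket-name",
  ];
  const urls = [SUBDOMAIN_URL, OTHER_BUCKET_URL, PATH_STYLE_URL];
  return sources.map((s) => ({ source: s, allowed: urls.filter((u) => sourceAllows(s, u)) }));
}

console.table(demo().map((r) => ({ source: r.source, allowed: r.allowed.join(" ") })));
```

Under these rules the wildcard source admits every bucket subdomain, while a path-style source restricts to one bucket only when it ends with a trailing slash.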