
Content-Security-Policy header for images from Google Cloud Storage

Hello,

We want to use the images from Google Cloud Storage on the website with a Content Security Policy (CSP) header. Our storage has a URL https://BUCKET_NAME.storage.googleapis.com/..., so we expected that the following CSP configuration would not block the images from it. But it is still blocked.
CSP: img-src https://BUCKET_NAME.storage.googleapis.com/

After some experiments we figured out that we could unblock images by using a URL template without a bucket name: “https://*.storage.googleapis.com/”. But this rule is not strict enough.

Maybe someone has experience with setting up the correct CSP configuration for the images from the specific bucket. I would be happy for any help.
