From 1ae9e8bc387a85c78928d2fbeca9974241d795da Mon Sep 17 00:00:00 2001
From: =?utf8?q?Thomas=20Bu=C3=9Fmeyer?= <thomas.bussmeyer@pixelpark.com>
Date: Tue, 28 Jun 2016 13:13:15 +0200
Subject: [PATCH] Add data: as image src.

---
 customer/spd/development.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/customer/spd/development.yaml b/customer/spd/development.yaml
index 861b09f7..728708aa 100644
--- a/customer/spd/development.yaml
+++ b/customer/spd/development.yaml
@@ -57,8 +57,8 @@ site::profile::typo3::projects:
       - 'set X-Frame-Options: sameorigin'
       - 'set X-XSS-Protection: "1; mode=block"'
       - 'set X-Content-Type-Options: nosniff'
-      - "set Content-Security-Policy: \"default-src 'self'; img-src 'self' analytics.spd.de; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.spendino.de storify.com analytics.spd.de; frame-src 'self' analytics.spd.de w.soundcloud.com player.vimeo.com www.youtube.com www.youtube-nocookie.com api.spendino.de storify.com streaming.b1group.de; frame-ancestors 'self'\""
-      - "set X-Content-Security-Policy: \"default-src 'self'; img-src 'self' analytics.spd.de; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.spendino.de storify.com analytics.spd.de; frame-src 'self' analytics.spd.de w.soundcloud.com player.vimeo.com www.youtube.com www.youtube-nocookie.com api.spendino.de storify.com streaming.b1group.de; frame-ancestors 'self'\""
+      - "set Content-Security-Policy: \"default-src 'self'; img-src 'self' analytics.spd.de data:; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.spendino.de storify.com analytics.spd.de; frame-src 'self' analytics.spd.de w.soundcloud.com player.vimeo.com www.youtube.com www.youtube-nocookie.com api.spendino.de storify.com streaming.b1group.de; frame-ancestors 'self'\""
+      - "set X-Content-Security-Policy: \"default-src 'self'; img-src 'self' analytics.spd.de data:; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.spendino.de storify.com analytics.spd.de; frame-src 'self' analytics.spd.de w.soundcloud.com player.vimeo.com www.youtube.com www.youtube-nocookie.com api.spendino.de storify.com streaming.b1group.de; frame-ancestors 'self'\""
     headers_ssl:
       - 'always set Strict-Transport-Security "max-age=31556926"'
     directories:
-- 
2.39.5