From fc5714b1dedf22694213142d1cf6b22c7ec2192a Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Wed, 4 Sep 2024 21:07:50 +0200
Subject: [PATCH] Lobby: Dashboard - small experiment for
 https://github.com/opnsense/core/issues/7837 inspired by the 'Refused to load
 the image 'data:image/svg+xml;...' message.

---
 .../mvc/app/controllers/OPNsense/Base/ControllerBase.php        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
index ad4c1a90f..04f4b25ff 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
@@ -284,7 +284,7 @@ class ControllerBase extends ControllerRoot
         // set security policies
         $policies = array(
             "default-src" => "'self'",
-            "img-src" => "'self'",
+            "img-src" => "'self' data: blob:",
             "script-src" => "'self' 'unsafe-inline' 'unsafe-eval'",
             "style-src" => "'self' 'unsafe-inline' 'unsafe-eval'");
         foreach ($this->content_security_policy as $policy_name => $policy_content) {