Support » Plugin: WordPress Gallery Plugin - NextGEN Gallery » Odd Impact of Content Security Policy on NGG

  • Recently we’ve been experimenting with different ‘Content Security Policies’ on the server, but we’ve found that even with one of the weakest there seems to be an unusual outcome for NextGen Gallery. For example using a CSP like this, which is about as soft as you can get..

    Content-Security-Policy: default-src * data:; script-src https: ‘unsafe-inline’ ‘unsafe-eval’; style-src https: ‘unsafe-inline’;

    ..means that when you go to ‘Add Gallery / Images’ and select an image to add then you will only see the default (general) thumbnail for the system rather than a thumbnail of the actual selected image itself in the pre-upload preview (i.e. this is just before you press the ‘Upload 1 Image’ button to finish, when the images you’ve chosen to upload are all listed but not yet uploaded).

    I can’t figure out why the CSP would be stopping the preview images from showing properly. Any ideas?

    The images are fine once they’re uploaded, but it’s just in the preview stage where this occurs.

    • This topic was modified 1 month, 1 week ago by ispreview.
Viewing 1 replies (of 1 total)
  • Plugin Support Benjamin

    (@benjaminowens)

    You may need to add img-src as well to your Content-Security-Policy:

    img-src https: filesystem: 'unsafe-inline'

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.