topic Re: Render Images in Qlik Cloud with CSP in Integration, Extension & APIs

Render Images in Qlik Cloud with CSP

a_bodesy — Tue, 26 Mar 2024 18:59:53 GMT

I'm looking to render images in Qlik Cloud via URLs. I have imported some extensions that previously allowed me to do this before moving to Qlik Cloud. My hunch is that my content security policy is not properly configured. I have all of my images and corresponding URLs stored within a Github repo that I'd like to be able to reference.

In short my question is - when pasting my Github URL into the origin of the content security policy, it defaults back to "github.com" when clicking save. What do I need to enter in for "origin" for this to work?

Re: Render Images in Qlik Cloud with CSP

hakana — Wed, 27 Mar 2024 07:42:02 GMT

Any URL is shortened to just the HOST of the URL since CSP is working on origins and not PATHS
Any schema (http/https) is also removed since it saves characters in the header and the policy will "upgrade" and http to https anyway

Looking at Github it seems any "raw" link is forwarded to raw.githubusercontent.com. Is it this origin that you have added to your CSP?

Notice that you will whitelist any requests to the whole github subdomain if you host your images on github

You should also be able to see any blocked requests in the developer console in your browser

Re: Render Images in Qlik Cloud with CSP

a_bodesy — Wed, 27 Mar 2024 13:13:51 GMT

Changing the origin from github.com to raw.githubusercontent.com worked, thank you!