a_bodesy
Contributor II

Render Images in Qlik Cloud with CSP

I'm looking to render images in Qlik Cloud via URLs. I have imported some extensions that previously allowed me to do this before moving to Qlik Cloud. My hunch is that my content security policy is not properly configured. I have all of my images and corresponding URLs stored within a GitHub repo that I'd like to be able to reference.

In short, my question is: when pasting my GitHub URL into the origin of the content security policy, it defaults back to "github.com" when clicking save. What do I need to enter for "origin" for this to work?

Accepted Solutions
hakana
Employee

Any URL is shortened to just the HOST of the URL, since CSP works on origins and not PATHS.
Any scheme (http/https) is also removed, since it saves characters in the header and the policy will "upgrade" any http to https anyway.

Looking at GitHub, it seems any "raw" link is forwarded to raw.githubusercontent.com. Is it this origin that you have added to your CSP?

Notice that you will whitelist any requests to the whole GitHub subdomain if you host your images on GitHub.

You should also be able to see any blocked requests in the developer console in your browser.

a_bodesy
Contributor II
Author

Changing the origin from github.com to raw.githubusercontent.com worked, thank you!
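
As an added example (not part of the original thread and not Qlik's code), the sketch below reduces a pasted URL to the host that a CSP origin entry keeps, then lists which image URLs a given set of allowed hosts would still leave blocked. The repository paths are constructed samples and the function names are hypothetical.

```javascript
// Added example: host-only CSP entries versus the host an image is really served from.

// Keep only the host of a pasted URL; scheme and path are dropped,
// mirroring the shortening described in the accepted answer.
function toCspHost(pastedUrl) {
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(pastedUrl)
    ? pastedUrl
    : `https://${pastedUrl}`;
  return new URL(withScheme).host.toLowerCase();
}

// CSP host matching: an exact host, or "*.example.com" for any subdomain.
// The wildcard form does not match the bare domain itself.
function hostMatches(source, host) {
  const s = source.toLowerCase();
  const h = host.toLowerCase();
  if (s.startsWith("*.")) return h.endsWith(s.slice(1));
  return s === h;
}

// Return the image URLs whose host is covered by no allowlist entry.
function blockedImages(allowedSources, imageUrls) {
  return imageUrls.filter((u) => {
    const host = new URL(u).host;
    return !allowedSources.some((src) => hostMatches(src, host));
  });
}

// Constructed sample URLs for a hypothetical repository.
const repoPage =
  "https://github.com/example-org/dashboard-images/blob/main/logo.png";
const rawImage =
  "https://raw.githubusercontent.com/example-org/dashboard-images/main/logo.png";

// The repository page URL collapses to "github.com" ...
console.log(toCspHost(repoPage));
// ... which does not cover the host the raw image is served from.
console.log(blockedImages(["github.com"], [rawImage]));
// Allowing the raw host leaves nothing blocked.
console.log(blockedImages(["raw.githubusercontent.com"], [rawImage]));
```

Because the entry is host-wide, allowing `raw.githubusercontent.com` covers every repository served from that host, which is the breadth the accepted answer points out.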