Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Connect 2025: 3 days of full immersion in data, analytics, and AI. May 13-15 | Orlando, FL: Learn More
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
a_bodesy
Contributor II
Contributor II
‎2024-03-26 02:59 PM

Render Images in Qlik Cloud with CSP

I'm looking to render images in Qlik Cloud via URLs. I have imported some extensions that previously allowed me to do this before moving to Qlik Cloud. My hunch is that my content security policy is not properly configured. I have all of my images and corresponding URLs stored within a Github repo that I'd like to be able to reference. 

In short my question is - when pasting my Github URL into the origin of the content security policy, it defaults back to "github.com" when clicking save. What do I need to enter in for "origin" for this to work?

Labels (1)
Labels
313 Views
0 Likes
1 Solution

Accepted Solutions
hakana
Employee
Employee
‎2024-03-27 03:39 AM

Any URL is shortened to just the HOST of the URL since CSP is working on origins and not PATHS
Any schema (http/https) is also removed since it saves characters in the header and the policy will "upgrade" and http to https anyway

Looking at Github it seems any "raw" link is forwarded to raw.githubusercontent.com. Is it this origin that you have added to your CSP?

Notice that you will whitelist any requests to the whole github subdomain if you host your images on github

You should also be able to see any blocked requests in the developer console in your browser

View solution in original post

281 Views
0 Likes
2 Replies
hakana
Employee
Employee
‎2024-03-27 03:39 AM

Any URL is shortened to just the HOST of the URL since CSP is working on origins and not PATHS
Any schema (http/https) is also removed since it saves characters in the header and the policy will "upgrade" and http to https anyway

Looking at Github it seems any "raw" link is forwarded to raw.githubusercontent.com. Is it this origin that you have added to your CSP?

Notice that you will whitelist any requests to the whole github subdomain if you host your images on github

You should also be able to see any blocked requests in the developer console in your browser

282 Views
0 Likes
a_bodesy
Contributor II
Contributor II
‎2024-03-27 09:13 AM
Author

In response to hakana

Changing the origin from github.com to raw.githubusercontent.com worked, thank you!

268 Views
0 Likes