From bc9c2476573df3ad26ff3d25e40cec3e9d8c1974 Mon Sep 17 00:00:00 2001
From: Joachim Hill-Grannec <joachim.hill@gmail.com>
Date: Fri, 19 Jan 2024 22:04:00 -0600
Subject: [PATCH] fix: image source for the avatars

---
 app-config.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app-config.yaml b/app-config.yaml
index 1e0b585..f80464f 100644
--- a/app-config.yaml
+++ b/app-config.yaml
@@ -19,6 +19,12 @@ backend:
     # host: 127.0.0.1
   csp:
     connect-src: ["'self'", 'http:', 'https:']
+    img-src:
+      [
+        "'self'",
+        'data:',
+        'https://avatars.githubusercontent.com'
+      ]
     # Content-Security-Policy directives follow the Helmet format: https://helmetjs.github.io/#reference
     # Default Helmet Content-Security-Policy values can be removed by setting the key to false
   cors: