We are using this package for some time now and it works great! But we are trying to implement a secure content security policy. However, the preview of the images is show as a base64 image. In order to allow to show those we need to add image-src: 'data' to our CSP. The documentation of the CSP marks this as potentially insecure. Is there a way to still have the previews working without allowing this potentially insecure method?
Would be great to hear how other projects use this package in combination with a CSP.
We are using this package for some time now and it works great! But we are trying to implement a secure content security policy. However, the preview of the images is show as a base64 image. In order to allow to show those we need to add
image-src: 'data'to our CSP. The documentation of the CSP marks this as potentially insecure. Is there a way to still have the previews working without allowing this potentially insecure method?Would be great to hear how other projects use this package in combination with a CSP.