Restricting Image Domains with Rails CSP

You may need to restrict where the images in your content are fetched from, to prevent cases such as NTLM hash stealing.

To add a domain restriction, perform the following steps:

  1. SSH into your instance as the dradispro user.
  2. Open the content_security_policy.rb file found in the /opt/dradispro/dradispro/current/config/initializers directory.
  3. Update the following line from:

    policy.img_src     :self, :https, :data

    To:

    policy.img_src     :self, :data, 'https://example.com', 'https://anotherdomain.com'

    Where https://example.com and https://anotherdomain.com are the domains your <img> tags are allowed to fetch from. If you need to allow more domains, add them to the line, separated by commas. Note that the :https source is dropped from the line; leaving it in would still allow images from any HTTPS host.

  4. Save the file.
  5. Restart the server with:
    $ god load /etc/god.d/dradispro-puma.god
    $ god restart

Images loaded in your instance's content should now be restricted to the allowed domains!
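
To confirm the change after the restart, compare the img-src directive in the Content-Security-Policy header your instance returns with the allow-list you configured. The Ruby script below is an added example, not part of Dradis: the two header strings are constructed to mirror the before and after img_src lines, and the instance origin and untrusted.example host are placeholders.

```ruby
require "uri"

# Constructed sample header values: what Rails emits for the img_src line
# before and after the change (symbols render as 'self', https:, data:).
BEFORE = "default-src 'self'; img-src 'self' https: data:"
AFTER  = "default-src 'self'; img-src 'self' data: https://example.com https://anotherdomain.com"

# Return the source list that governs images: img-src, else default-src.
# When a directive is repeated, the first occurrence wins.
def img_sources(header)
  directives = {}
  header.split(";").each do |directive|
    name, *sources = directive.split
    directives[name.downcase] ||= sources if name
  end
  directives["img-src"] || directives["default-src"] || []
end

# Sources that match any host: a bare wildcard or a network scheme on its own.
def broad_sources(header)
  img_sources(header).select { |s| s == "*" || s.match?(/\A(https?|wss?):\z/i) }
end

# Simplified matcher (assumption: exact scheme+host origins only, no wildcard
# hosts, ports or paths), enough to check the allow-list from this page.
def image_allowed?(header, url, page_origin)
  uri = URI.parse(url)
  origin = "#{uri.scheme}://#{uri.host}"
  img_sources(header).any? do |s|
    case s
    when "'self'" then origin == page_origin
    when "*" then %w[http https].include?(uri.scheme)
    when /\A[a-z][a-z0-9+.-]*:\z/i then s.chomp(":").casecmp?(uri.scheme)
    else s.casecmp?(origin)
    end
  end
end

if $PROGRAM_NAME == __FILE__
  page = "https://dradis.internal.example" # hypothetical instance origin
  [BEFORE, AFTER].each do |h|
    puts "img-src: #{img_sources(h).join(' ')}"
    puts "  broad sources: #{broad_sources(h).inspect}"
    puts "  untrusted host allowed? #{image_allowed?(h, 'https://untrusted.example/x.png', page)}"
  end
end
```

To check a live instance, paste the value of the Content-Security-Policy response header (visible in your browser's developer tools) in place of the AFTER string.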
