From 80559dffd14dbd29b5cf7cc292ef903e9a7e8f64 Mon Sep 17 00:00:00 2001
From: "review512jwy@163.com" <“review512jwy@163.com”>
Date: Wed, 7 Jan 2026 10:31:22 +0800
Subject: [PATCH] img-src 'self' data: https://*.amazonaws.com;
---
 .../com/dongjian/dashboard/back/configurator/CrosXssFilter.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dongjian-dashboard-back-controller/src/main/java/com/dongjian/dashboard/back/configurator/CrosXssFilter.java b/dongjian-dashboard-back-controller/src/main/java/com/dongjian/dashboard/back/configurator/CrosXssFilter.java
index a236b18..1dd2247 100644
--- a/dongjian-dashboard-back-controller/src/main/java/com/dongjian/dashboard/back/configurator/CrosXssFilter.java
+++ b/dongjian-dashboard-back-controller/src/main/java/com/dongjian/dashboard/back/configurator/CrosXssFilter.java
@@ -79,7 +79,7 @@ public class CrosXssFilter implements Filter {
 String nonce = UUID.randomUUID().toString().replace("-", "").substring(0, 16); // 生成随机 nonce
 httpServletResponse.setHeader("Content-Security-Policy",
 "default-src 'self'; " +
- "img-src 'self' data:; "+
+ "img-src 'self' data: https://*.amazonaws.com;"+
 "font-src 'self' https://i.alicdn.com data:; "+ //阿里系的ui组件
 // "script-src 'self' 'nonce-" + nonce + "'; " + //nonce针对内联 JavaScript
 // "style-src 'self' 'nonce-" + nonce + "'; " + //nonce针对内联 CSS
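Review bot: The `https://*.amazonaws.com` source on the added `img-src` line is far wider than an image allowlist needs. It matches every host under amazonaws.com, including buckets and endpoints owned by other AWS customers, so the directive no longer restricts image loads to storage this application controls. If the images come from a single bucket (not visible in this hunk), pin that host instead, e.g. `"img-src 'self' data: https://<your-bucket>.s3.<region>.amazonaws.com; "+`, where the bracketed parts are placeholders for the real bucket and region. The added line also drops the space after the `;` that the neighbouring directives keep; browsers still parse the header, but restoring it keeps the emitted policy readable in logs. The `setHeader` call starts before and continues past this hunk, so the rest of the policy could not be checked.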