Load images from external sites / domains with Playframework2

Image display of external site / domain on Play2 system

I'm a non-engineer, so I'm sparse around HTTP, and I'm stuck, so I posted it for similar development beginners. This time it was a situation where I wanted to access images in the cloud storage.

Correspond with the following code that it can be done like the image file in the project root.

index.html


//Others omitted
<img src="example.png ">

When I access localhost in Google Chrome, the image is not displayed.

image.png

Refused to load the image 'Image URL' because it violates the following 
Content Security Policy directive: "default-src 'self'". Note that 
'img-src' was not explicitly set, so 'default-src' is used as a fallback.

The above warning in the developer tools. Apparently it's not good for security, so stop it. For more information on Content Security Policy, follow the here link.

Solution: Set the security header

Refer to the official Play documentation. https://www.playframework.com/documentation/ja/2.4.x/SecurityHeaders

Create a new filter class

Place the filter class in the project root. The author was Scala, but Java got the source from the above document.

filter.scala


//Quoted from the link above (https://www.playframework.com/documentation/ja/2.4.x/SecurityHeader)
import javax.inject.Inject

import play.api.http.HttpFilters
import play.filters.headers.SecurityHeadersFilter

class Filters @Inject() (securityHeadersFilter: SecurityHeadersFilter) extends HttpFilters {
  def filters = Seq(securityHeadersFilter)
}

Describe the trusted domain in application.conf

application.conf



play.filters.headers.contentSecurityPolicy = "default-src 'self'; img-src 'self' example.com;"

・ ・ ・ Loaded! image.png

Recommended Posts

Load images from external sites / domains with Playframework2
Extract face images from videos with ffmpeg and OpenVINO
Load an external jar from a Spring Boot fat jar