
Update to latest version of cockpit causing issues with thumbnail loader

Open AKApumkin opened this issue 4 years ago • 3 comments

So I just updated to the latest version to get access to the amazing JSON view button (game changer). However, in doing so, the thumbnails, which were fine before, are now loading only over HTTP instead of HTTPS. I am getting the console log flagging this as:

Refused to load the image 'http://mywebsite.com/storage/thumbs/my_image.png' because it violates the following Content Security Policy directive: "default-src https: data: 'unsafe-inline' 'unsafe-eval'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

Normally, to fix this, there is some sort of "enforce SSL on all paths" setting; however, I might have just missed it in the documentation. I have been through the modules for assets and can't see if it's set there. I also tried setting site_base_url in my config.yaml to the full path including https, but this didn't work either.

So this is half a question, half a potential problem, as I am not sure where to look to find where the thumbnail URLs are set to see if I can enforce SSL.

AKApumkin, Apr 15 '20 09:04

So as a quick workaround, that is definitely not a proper fix but fits the current issue, I have modified my NGINX config to allow images through HTTP by assigning the * parameter specifically to any incoming images.

add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';img-src * data:" always;

AKApumkin, May 12 '20 07:05
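
The `default-src` fallback from the console message and the effect of the `img-src *` workaround above, as an added example that is not part of the original thread: a simplified JavaScript model of the browser's CSP check for an image (scheme sources, `*`, `'self'` and the fallback only). The `other.example` URL is constructed, and the third policy, which uses `upgrade-insecure-requests`, is an assumed alternative that nobody in the thread proposed.

```javascript
// Simplified model of a browser's CSP check for an <img> request.
// Handles scheme sources, '*', 'self' and the default-src fallback only.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Returns the URL the browser would fetch, or null if the policy blocks it.
function resolveImage(header, pageOrigin, imageUrl) {
  const policy = parsePolicy(header);
  let url = new URL(imageUrl);
  // upgrade-insecure-requests rewrites http: to https: before the CSP check.
  if (policy.has('upgrade-insecure-requests') && url.protocol === 'http:') {
    url = new URL(url.href.replace(/^http:/, 'https:'));
  }
  // img-src applies when present; otherwise default-src is the fallback.
  const sources = policy.get('img-src') ?? policy.get('default-src');
  if (sources === undefined) return url.href;
  const ok = sources.some((src) => {
    const s = src.toLowerCase();
    if (s === '*') return ['http:', 'https:'].includes(url.protocol);
    if (s === "'self'") return url.origin === pageOrigin;
    // Scheme sources such as https: or data: (an http: source also covers https:).
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) {
      return s === url.protocol || (s === 'http:' && url.protocol === 'https:');
    }
    return false; // host sources are outside this sketch
  });
  return ok ? url.href : null;
}

// The first two policies are from the thread; TIGHTER is an assumed alternative.
const ORIGINAL = "default-src https: data: 'unsafe-inline' 'unsafe-eval'";
const WORKAROUND = "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';img-src * data:";
const TIGHTER = ORIGINAL + '; upgrade-insecure-requests';
const PAGE = 'https://mywebsite.com';
const THUMB = 'http://mywebsite.com/storage/thumbs/my_image.png';
const OTHER = 'http://other.example/banner.png'; // constructed third-party URL

console.log('original  :', resolveImage(ORIGINAL, PAGE, THUMB));
console.log('workaround:', resolveImage(WORKAROUND, PAGE, THUMB), resolveImage(WORKAROUND, PAGE, OTHER));
console.log('tighter   :', resolveImage(TIGHTER, PAGE, THUMB));
```

The workaround admits plaintext images from any host, while the third policy keeps the original restriction and fetches the thumbnail over HTTPS, which only helps if the server also serves that path over HTTPS.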

I also have this issue running the latest version of Cockpit from the official Docker image.

tommueller, Mar 23 '21 16:03

I can confirm that the issue still persists!

the-unknown, Sep 28 '21 22:09