Allow remote images for markdown content

4 files changed, 15 insertions, 2 deletions

diff --git a/app/Controller/Base.php b/app/Controller/Base.php
index f7ebdbab..548fdb40 100644
--- a/app/Controller/Base.php
+++ b/app/Controller/Base.php
@@ -143,7 +143,7 @@ abstract class Base
     private function sendHeaders($action)
     {
         // HTTP secure headers
-        $this->response->csp(array('style-src' => "'self' 'unsafe-inline'", 'img-src' => "'self' data:"));
+        $this->response->csp(array('style-src' => "'self' 'unsafe-inline'", 'img-src' => '*'));
         $this->response->nosniff();
         $this->response->xss();
 
diff --git a/app/Controller/Task.php b/app/Controller/Task.php
index 0789e8eb..e561d5f7 100644
--- a/app/Controller/Task.php
+++ b/app/Controller/Task.php
@@ -3,7 +3,6 @@
 namespace Controller;
 
 use Model\Project as ProjectModel;
-use Model\Task as TaskModel;
 
 /**
  * Task controller
diff --git a/assets/css/app.css b/assets/css/app.css
index 8d4633b4..04eaca54 100644
--- a/assets/css/app.css
+++ b/assets/css/app.css
@@ -1149,6 +1149,13 @@ a.task-board-nobody {
     margin-bottom: 10px;
     margin-left: 20px;
 }
+
+.markdown img {
+    display: block;
+    max-width: 80%;
+    margin-top: 10px;
+}
+
 /* listing block */
 .listing {
     border-radius: 4px;
diff --git a/assets/css/src/markdown.css b/assets/css/src/markdown.css
index d56812dd..dfc1fbb4 100644
--- a/assets/css/src/markdown.css
+++ b/assets/css/src/markdown.css
@@ -55,3 +55,10 @@
     margin-bottom: 10px;
     margin-left: 20px;
 }
+
+.markdown img {
+    display: block;
+    max-width: 80%;
+    margin-top: 10px;
+}
+