From bb5bef91467daaaa2717ef6ff9dc32386bad6ace Mon Sep 17 00:00:00 2001
From: Timmy Willison <timmywil@users.noreply.github.com>
Date: Wed, 22 Jan 2025 21:55:40 -0500
Subject: [PATCH] All: add CSP exceptions for the wordpress admin

---
 jquery/functions.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/jquery/functions.php b/jquery/functions.php
index 88e7616..9571d3b 100755
--- a/jquery/functions.php
+++ b/jquery/functions.php
@@ -294,9 +294,11 @@ function twentyeleven_content_security_policy() {
 		// Allow inline styles for typekit
 		'style-src' => "'self' 'unsafe-inline' code.jquery.com",
 		// Leaving out typekit img-src, which only loads the p.gif for analytics
-		'img-src' => "'self' code.jquery.com",
+		// Allow data: images and gravatars for the wordpress admin
+		'img-src' => "'self' data: secure.gravatar.com code.jquery.com",
 		// Allow fonts from typekit
-		'font-src' => "'self' use.typekit.net",
+		// Allow data: fonts for the wordpress admin
+		'font-src' => "'self' data: use.typekit.net",
 		'object-src' => "'none'",
 		'frame-ancestors' => "'none'",
 		'block-all-mixed-content' => '',