Allow configuration of storage server URL for security policy

config/initializers/secure_headers.rb

@@ -21,6 +21,9 @@ csp_policy = {
 csp_policy[:connect_src] << PIWIK["location"] if defined?(PIWIK)
 csp_policy[:img_src] << PIWIK["location"] if defined?(PIWIK)
 csp_policy[:script_src] << PIWIK["location"] if defined?(PIWIK)
+
+csp_policy[:img_src] << Settings.storage_url if Settings.key?(:storage_url)
+
 csp_policy[:report_uri] << Settings.csp_report_url if Settings.key?(:csp_report_url)
 
 cookie_policy = {

config/settings.yml

@@ -124,3 +124,5 @@ csp_enforce: false
 #csp_report_url: ""
 # Storage service to use in production mode
 storage_service: "local"
+# Root URL for storage service
+# storage_url: