Images are served directly from Amazon CloudFront servers for branch deployments

For a few hours now, images have suddenly been served from servers for branch deployments.

For these deployments, Safari now complains about the img-src directive of the Content Security Policy.

For instance, at

Refused to load because it does not appear in the img-src directive of the Content Security Policy.

Is this happening on any other browser for you or just safari?

This issue is not browser related. Netlify seems to somehow modify the served HTML so that img tags contain references to

In older deployments, the HTML code served through Netlify is as follows:

<img src="/assets/img/salsa_q1.webp" ...

In more recent ones:

<img src="" ...

This should be resolved. Could you please re-deploy?

Works again at with CSP img-src 'self' data:;.

HTML is not transformed anymore, at least in no way that would cause that issue:

<img src="/assets/img/salsa_q1.webp" ...

Thank you very much! :smiley: