Mirror of https://github.com/zitadel/zitadel.git, synced 2025-12-25 05:16:43 +00:00
Fix CSP img-src to allow ZITADEL instance assets

# Which Problems Are Solved

Login app was failing to load images (logos, branding assets) from ZITADEL instances due to Content Security Policy restrictions. The CSP img-src directive only allowed 'self' and https://vercel.com, blocking images from ZITADEL domains like https://login-*.zitadel.app.

# How the Problems Are Solved

- Dynamic CSP configuration: Extract hostname from ZITADEL_API_URL environment variable
- Fallback support: Use *.zitadel.cloud wildcard when no specific URL is configured
- Environment-aware: Works across dev/staging/prod without hardcoded domains
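
One way to implement the approach the commit message describes, as an added example that is not the code from this commit: derive a single `img-src` source from `ZITADEL_API_URL` and fall back to the `*.zitadel.cloud` wildcard when the value is missing or unusable. The function names, the http/https scheme check and the host character check are assumptions, not taken from the project.

```javascript
// Added example: hypothetical helpers, not ZITADEL's implementation.
const FALLBACK_IMG_SOURCE = "https://*.zitadel.cloud"; // fallback named in the commit message
const BASE_IMG_SOURCES = ["'self'", "https://vercel.com"]; // sources the commit says were already allowed

// Return one CSP source expression (scheme + host[:port]) for the configured
// instance, or the wildcard fallback when the value is missing or unusable.
function instanceImgSource(apiUrl) {
  if (!apiUrl) return FALLBACK_IMG_SOURCE;

  let parsed;
  try {
    parsed = new URL(apiUrl);
  } catch {
    return FALLBACK_IMG_SOURCE; // not a parseable absolute URL
  }

  // Assumption: only http(s) origins are meaningful here. Anything else
  // (data:, ftp:, ...) would widen img-src in ways nobody intended.
  if (parsed.protocol !== "https:" && parsed.protocol !== "http:") {
    return FALLBACK_IMG_SOURCE;
  }

  // parsed.host is lowercased, has no userinfo/path/query, and omits the
  // default port. The character check keeps ';' and other separators out of
  // the header so a bad env value cannot append extra sources or directives.
  // (IPv6 literals fail this check and also get the fallback.)
  const host = parsed.host;
  if (!/^[a-z0-9.-]+(:\d+)?$/.test(host)) return FALLBACK_IMG_SOURCE;

  return `${parsed.protocol}//${host}`;
}

// Assemble the complete img-src directive for the Content-Security-Policy header.
function buildImgSrcDirective(apiUrl) {
  return ["img-src", ...BASE_IMG_SOURCES, instanceImgSource(apiUrl)].join(" ");
}

// Usage: read the variable the commit message names.
const imgSrcDirective = buildImgSrcDirective(process.env.ZITADEL_API_URL);
```

Only the origin is emitted, so a path or query string in the environment variable never reaches the header.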