Middlewares
Important Note on Security Middleware
The system automatically injects 'https://picsum.photos', 'https://icons8.com', 'https://img.icons8.com' into the img-src directive of the Content Security Policy (CSP) in Strapi's security middleware.
Why is this important?
This adjustment is necessary to make sure icons which are remotely hosted are allowed to be loaded into the admin panel.
What If You Customize the Security Middleware?
If you've customized the Strapi security middleware in your config/middlewares.js, the system will merge our required CSP directive with your existing configuration. This ensures both your custom rules and our mandatory directives coexist seamlessly.
Can I modify this?
While this is injected automatically for compatibility, you can further customize your security middleware configuration in Strapi if needed. However, removing this directive may prevent the animations from working as intended.
For more details on customizing the Strapi security middleware, refer to the Strapi Middleware Documentation.