fix(csp): allow external https images in img-src — closes #608

Co-authored-by: Hermes Agent <agent@hermes>
2026-04-16 23:34:21 -07:00
parent d6267f4d31
commit f3f23abd4e
3 changed files with 7 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Hermes Web UI -- Changelog

+## [v0.50.76] — 2026-04-17
+
+### Fixed
+- **CSP blocked external images in chat** — `img-src` in the Content Security Policy was restricted to `'self'` and `data:`, causing the browser to block any external image URLs (e.g. from Wikipedia, GitHub, or other HTTPS sources) that the agent rendered in a response. Expanded to `img-src 'self' data: https: blob:` so external images load correctly. (Closes #608)
+
 ## [v0.50.75] — 2026-04-17

 ### Fixed