CSP for images via Jemoji


#1

I am using the Jemoji plugin to provide emoji on my site. I have a Content Security Policy that sets a number of HTTP headers in a _headers file. In a previous version of the plugin, these images were served from assets-cdn.github.com. In version 0.10.2, this was changed to https://github.githubassets.com/, but for some reason the plugin still points to emoji from the prior URL and my images are blocked.

Does anyone know where I can change the URL where these images are coming from?


#2

Can you verify you’re using version 0.10.2 in your Gemfile?
According to this commit, it looks like everything was updated to https://github.githubassets.com/


#3

I had the wrong version constraint specified in my Gemfile. I’ve updated this, and bundle show jemoji returns the following path:

/Users/Chris/.rbenv/versions/2.5.0/lib/ruby/gems/2.5.0/gems/jemoji-0.10.2

That said, I still get 404s on the posts where emoji are used. Using the updated assets baseurl returns the correct images, but I’m unclear about how to insert these into a post.


#4

You sure you’ve retriggered a build on your production server? Or maybe the HTML is being cached by your browser?

I just cloned your repo and built it locally and the paths seem correct to me.

<img class="emoji" title=":confounded:" alt=":confounded:" src="https://github.githubassets.com/images/icons/emoji/unicode/1f616.png" width="20" height="20">
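
A check for the mismatch this thread describes, as an added example that is not from any poster or from Jemoji itself: it compares the `<img>` hosts in built HTML against the `img-src` list in a `_headers` file. The `_headers` layout (a path line followed by indented `Header: value` lines), the sample policy and the helper names are assumptions, and source matching is simplified as noted in the comments.

```ruby
require "uri"

# Constructed sample input: a _headers file still listing the old emoji host,
# and built HTML containing the <img> tag quoted in the thread.
SAMPLE_HEADERS = <<~HEADERS
  /*
    Content-Security-Policy: default-src 'self'; img-src 'self' https://assets-cdn.github.com
HEADERS
SAMPLE_HTML = <<~HTML
  <img class="emoji" title=":confounded:" alt=":confounded:" src="https://github.githubassets.com/images/icons/emoji/unicode/1f616.png" width="20" height="20">
  <img src="/assets/logo.png" alt="logo">
HTML

# Return the source list that governs images: img-src, else default-src.
def img_sources(headers_text)
  line = headers_text.lines.find { |l| l =~ /\A\s*Content-Security-Policy\s*:/i }
  return [] unless line
  directives = line.split(":", 2).last.split(";").map(&:split).reject(&:empty?)
  table = directives.to_h { |name, *sources| [name.downcase, sources] }
  table["img-src"] || table["default-src"] || []
end

# Simplified CSP matching: 'self' covers relative URLs only (absolute same-site
# URLs are not recognised); ports and paths in host sources are ignored.
def source_allows?(source, uri)
  return uri.host.nil? && uri.scheme.nil? if source.casecmp?("'self'")
  return uri.scheme == source.chomp(":") if source.end_with?(":") # e.g. https:
  return false if uri.host.nil?
  return true if source == "*"
  scheme, host = source.include?("://") ? source.split("://", 2) : [nil, source]
  host = host.split("/").first.to_s.downcase
  return false if scheme && scheme.downcase != uri.scheme
  host.start_with?("*.") ? uri.host.downcase.end_with?(host[1..]) : uri.host.downcase == host
end

# List every <img> src in the built HTML that the policy would block.
def blocked_images(html, headers_text)
  sources = img_sources(headers_text)
  html.scan(/<img\b[^>]*?\bsrc=["']([^"']+)["']/i).flatten.reject do |src|
    uri = URI.parse(src)
    sources.any? { |s| source_allows?(s, uri) }
  end
end

puts blocked_images(SAMPLE_HTML, SAMPLE_HEADERS)
```

Running it over the generated `_site` HTML after a gem upgrade shows whether the policy or the markup is the stale side.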