CSP for images via Jemoji

I am using the Jemoji plugin to provide emoji on my site. I have a Content Security Policy that sets a number of HTTP headers in a _headers file. In a previous version of the plugin, these images were served from assets-cdn.github.com. In version, 0.10.2, this was changed to https://github.githubassets.com/, but for some reason the plugin still points to emoji from the prior URL and my images are blocked.

Does anyone know where I can change the URL where these images are coming from?

Can you verify you’re using version 0.10.2 in your Gemfile?
According to this commit looks like everything was updated to https://github.githubassets.com/

I had the wrong version constraint specified in my Gemfile, I’ve updated this, and bundle show jemoji returns the following path:


That said, I still get 404’s on the posts where emoji are used. Using the updated assets baseurl returns the correct images, but I’m unclear about how to insert these into a post.


You sure you’ve retriggered a build on your production server? Or maybe the HTML is being cached by your browser?

I just cloned your repo and built it locally and the paths seem correct to me.


<img class="emoji" title=":confounded:" alt=":confounded:" src="https://github.githubassets.com/images/icons/emoji/unicode/1f616.png" width="20" height="20">