re: How do you use an SVG as background image without affecting security? VIEW POST

re: I don't see the difference between your snippet and mine 😅. I know my relative URL is right, because without CSP it works fine.
default-src 'none' ; script-src 'self'; style-src 'self'; img-src 'self' ; font-src; connect-src 'self'; media-src 'none' ; object-src 'none' ; child-src 'none' ; frame-src 'self'; worker-src 'self' ; frame-ancestors 'none' ; form-action 'none' ; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self';

the difference between url('/img/bg.svg') and url("../img/bg.svg") is that the former is an absolute path and will always refer to the same resource the latter is a relative path and the resource it refers to will change depending on the URL of the page that makes the request.

For example if the page making the request is then '/img/bg.svg' will look for the SVG at whereas '../img/bg.svg' will look for the SVG at

code of conduct - report abuse