re: How do you use an SVG as background image without affecting security?

re: This doesn't work: .back-img { background-image: url("../img/bg.svg") } But this does: .back-img { background-image: url("https:/...

Try url('/img/bg.svg'), not sure if that will work though.

I don't see the difference between your snippet and mine 😅.
I know my relative URL is right, because without CSP it works fine.

default-src 'none' ; script-src 'self'; style-src 'self'; img-src 'self' ; font-src; connect-src 'self'; media-src 'none' ; object-src 'none' ; child-src 'none' ; frame-src 'self'; worker-src 'self' ; frame-ancestors 'none' ; form-action 'none' ; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self';

The difference between url('/img/bg.svg') and url("../img/bg.svg") is that the former is an absolute path and will always refer to the same resource, while the latter is a relative path, and the resource it refers to will change depending on the URL of the page that makes the request.

For example if the page making the request is then '/img/bg.svg' will look for the SVG at whereas '../img/bg.svg' will look for the SVG at
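
An added example, not part of the thread: a simplified JavaScript check of how the two url() forms resolve against a base URL and whether the policy posted above lets the result load as an image. The example.test addresses, the base URL and the function names are assumptions; source matching covers only 'none', 'self', scheme sources and plain origins.

```javascript
// Policy as posted in the thread.
const POLICY = "default-src 'none' ; script-src 'self'; style-src 'self'; img-src 'self' ; font-src; connect-src 'self'; media-src 'none' ; object-src 'none' ; child-src 'none' ; frame-src 'self'; worker-src 'self' ; frame-ancestors 'none' ; form-action 'none' ; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self';";

// Parse a CSP header value into Map(directive name -> list of source expressions).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Simplified matcher: 'none', 'self', scheme sources ("data:") and plain origins.
// Wildcard hosts, paths and the http-to-https upgrade rules are left out.
function sourceMatches(source, url, selfOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return url.origin === selfOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s;
  try {
    const origin = new URL(s).origin;
    return origin !== 'null' && origin === url.origin;
  } catch { return false; } // other keywords, unparsable sources
}

// Resolve a CSS url() value against baseUrl and test it against the image policy.
function checkImage(policy, cssUrl, baseUrl, pageUrl) {
  const url = new URL(cssUrl, baseUrl);
  const selfOrigin = new URL(pageUrl).origin;
  const directives = parseCsp(policy);
  // img-src governs background images; default-src is the fallback when it is absent.
  const name = directives.has('img-src') ? 'img-src' : 'default-src';
  const sources = directives.get(name);
  // No governing directive means no restriction; an empty list matches nothing.
  const allowed = sources === undefined || sources.some((s) => sourceMatches(s, url, selfOrigin));
  return { resolved: url.href, directive: name, allowed };
}

// Constructed sample: stylesheet and page addresses on example.test.
const BASE = 'https://example.test/css/site.css';
const PAGE = 'https://example.test/blog/post/';
for (const u of ['../img/bg.svg', '/img/bg.svg', 'https://cdn.example.test/bg.svg']) {
  console.log(u, checkImage(POLICY, u, BASE, PAGE));
}
```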
