After upgrading Kerio Connect to version 9.2.9 and above, you can experience an issue with email signature and images/pictures not showing. The Developer Tools in the web browser may display the following error:
Refused to load the image '<URL>' because it violates the following Content
Security Policy directive: "img-src 'self' data:"
This article describes a workaround for this issue.
Kerio Connect 9.2.9
Kerio Connect upgrade to version 9.2.9 and above is causing this issue. Developers implemented a new security feature in Version 9.2.9 (as seen below) to protect email clients from suspicious sources.
Released: April 2, 2019
- Faster Contact List (webmail)
- Faster Global Address List (GAL)
- Added HTTP Security Headers
- Navigate to the installation folder. The default paths for various OS are listed below:
Edit the file mailserver.cfg to change the following variable:
<variable name="AppendHeaderContentSecurityPolicy">default-src 'self' 'unsafe-eval' 'unsafe-inline' *.kerio.com; img-src * http: https: data:;</variable>.
Signature and images are showing in the webmail.