I want to know the way of using cdn in play 2.6.x.
I got the solve: i need to set the cdn in contentSecurityPolicy
Web security is based on same-origin policy (SOP), which prevents a website from accessing data outside its own origin. In theory, this should be enough to ensure security, but the modern web requires sites to include lots of assets from external sources, such as scripts and other resources from content delivery networks (CDNs), Google Analytics scripts, fonts, styles, comment modules, social media buttons – the list goes on.
At the same time, malicious hackers use cross-site scripting (XSS) attacks to trick websites trusted by the user into delivering malicious code. Without additional safety measures, the browser executes all code from a trusted origin and can’t tell which code is legitimate, so any injected malicious code is executed as well.
To prevent this, CSP is used. If any website enable CSP, to allow external source you will have to white list those source based on directives.
Here is the documentation.
In 2.6.x I allowed external image source by this in config file. img-src 'self' source-domain:
play.filters.headers.contentSecurityPolicy = "default-src 'self'; img-src 'self' http://res.cloudinary.com/playtest/image/upload/; "
http://res.cloudinary.com/playtest/image/upload/ is my source domain.
In 2.7.x or 2.8.x if you enable csp in config
follow the documentation.
You can set in config
E.g
play.filters.csp.directives.img-src = "'self' https://domainanme/" /// to allow external source.