From f82a86ca93fe5c76a364d836a2d9bc7c5e015380 Mon Sep 17 00:00:00 2001
From: Michael Q Larson
Date: Thu, 1 Jan 2015 00:51:52 -0800
Subject: [PATCH] whitelist the akamaihd.net url that Facebook uses to host profile images
---
 app.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app.js b/app.js
index 651a581a570..63f21d0b58c 100644
--- a/app.js
+++ b/app.js
@@ -137,12 +137,13 @@ app.use(helmet.contentSecurityPolicy({
 styleSrc: trusted,
 imgSrc: [
 '*.evernote.com',
- '*.facebook.com',
 '*.amazonaws.com',
 'data:',
 '*.licdn.com',
 '*.gravatar.com',
 '*.youtube.com',
+ '*.akamaihd.net',
+ 'graph.facebook.com',
 '*.githubusercontent.com',
 '*.googleusercontent.com',
 ].concat(trusted),
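Review bot: The added `'*.akamaihd.net'` entry in `imgSrc` allows images from every customer on Akamai's shared hostname, not only Facebook, so for image loads the policy is far wider than the commit subject implies. That weakens the CSP as a backstop against injected markup that loads images from a host the site does not control. If the redirects from `graph.facebook.com` land on a small, stable set of hosts, list those instead, for example `'fbcdn-profile-a.akamaihd.net',` (hostname to be confirmed against the redirects actually observed). Whichever form is kept, a comment such as `// Facebook profile images: graph.facebook.com redirects to Akamai-hosted hosts` would record why the entry exists. The `helmet.contentSecurityPolicy({` call begins and ends outside the hunk, so the `trusted` list concatenated at the end is not covered by this note.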