Adjust CSP policy for images

Author: vdegove

apps/transport/lib/transport_web/plugs/custom_secure_browser_headers.ex

@@ -43,8 +43,7 @@ defmodule TransportWeb.Plugs.CustomSecureBrowserHeaders do
         "connect-src" => "*",
         "font-src" => "*",
         "frame-ancestors" => "'none'",
-        "img-src" =>
-          "'self' data: https://api.mapbox.com https://data.geopf.fr https://static.data.gouv.fr https://www.data.gouv.fr https://*.dmcdn.net #{Transport.S3.permanent_url(:logos)}",
+        "img-src" => "'self' https: data:",
         "script-src" => "'self' 'unsafe-eval' 'unsafe-inline' https://stats.data.gouv.fr/matomo.js",
         "frame-src" => "https://*.dailymotion.com",
         "style-src" => "'self' 'nonce-#{nonce}' #{vega_hash_values}",