Ghost seems to violate my CSP policy?

Hello, I just upgraded a blog from v1.24 -> v2.38 -> ghost:latest via the Docker image and I am having an issue now where my blog is always trying to fetch assets from somedomain.com even when the site is being accessed via www.somedomain.com, causing all the assets to be blocked since my CSP is set to same origin. Is there some setting or so that will load resources relative to the subdomain accessing the site?

  • What version of Ghost are you using? ghost:latest as of yesterday
  • What configuration? Docker
  • What browser? All
  • What errors or information do you see in the console? None
  • What steps could someone else take to reproduce the issue you’re having? Unknown

That sounds like you might have the Ghost URL configured incorrectly - can you check that your site URL is www.somedomain.com and not somedomain.com?

That only swaps the problem. I need my assets to work on both domains.

Worth noting, this issue did not happen when I was using an older version of Ghost. This has only cropped up since I’ve upgraded.

You’ve upgraded from Ghost 1.x to 3.x, and there have been a lot of changes since then, one of them being improved handling of local URLs. I’m guessing that might be what’s “breaking” for you.

You shouldn’t be serving the same content across multiple domains because it creates duplicity issues when search engines crawl your pages. Your best bet is to choose 1 and redirect all traffic to that domain.

I’ve taken your advice and reconfigured nginx to redirect traffic to www.somedomain.com, thanks for the assistance!
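The redirect setup the thread ends on, as an added example that is not part of the original posts or anyone's actual configuration. The hostnames come from the thread; the use of HTTPS, the certificate paths, the upstream address and the exact CSP string are assumptions.

```nginx
# Constructed example; these server blocks belong inside the http {} context.
# Goal: every page is served from one origin (https://www.somedomain.com), so
# the absolute asset URLs Ghost generates from its configured url always match
# the CSP source 'self'. 'self' compares scheme, host and port, which is why
# somedomain.com and www.somedomain.com count as different origins.

# Plain HTTP on either name: redirect to the canonical HTTPS host.
server {
    listen 80;
    server_name somedomain.com www.somedomain.com;
    return 301 https://www.somedomain.com$request_uri;
}

# HTTPS on the bare domain: redirect before any Ghost content is served.
server {
    listen 443 ssl;
    server_name somedomain.com;
    ssl_certificate     /etc/nginx/tls/somedomain.com.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/somedomain.com.key;  # placeholder path
    return 301 https://www.somedomain.com$request_uri;
}

# Canonical host: the only name that proxies to Ghost.
server {
    listen 443 ssl;
    server_name www.somedomain.com;
    ssl_certificate     /etc/nginx/tls/somedomain.com.crt;  # must cover both names
    ssl_certificate_key /etc/nginx/tls/somedomain.com.key;

    # Assumed form of the "same origin" policy described in the question.
    add_header Content-Security-Policy "default-src 'self'" always;

    location / {
        proxy_pass http://127.0.0.1:2368;  # assumed upstream; 2368 is Ghost's default port
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;  # tells Ghost the request arrived over HTTPS
    }
}
```

Ghost's configured site URL has to be the same canonical origin (https://www.somedomain.com here), otherwise the generated asset URLs point at the host that now only redirects.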