Add support for image-src external sources

server/configs/application.properties

@@ -131,7 +131,7 @@ management.server.port=@@shutdownPort@@
 #useLocalBuild#    connect-src 'self' ${CONNECTION.SOURCES} ;\
 #useLocalBuild#    object-src 'none' ;\
 #useLocalBuild#    style-src 'self' https: 'unsafe-inline' ${STYLE.SOURCES} ;\
-#useLocalBuild#    img-src 'self' https: data: ;\
+#useLocalBuild#    img-src 'self' https: data: ${IMAGE.SOURCES} ;\
 #useLocalBuild#    font-src 'self' data: ${FONT.SOURCES} ;\
 #useLocalBuild#    script-src 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}' ;\
 #useLocalBuild#    base-uri 'self' ;\
@@ -146,7 +146,7 @@ csp.report=\
     connect-src 'self' ${CONNECTION.SOURCES} ;                                      /* For security purposes limit allowed connection sources, can be substituted and appended via the LabKey Admin UI */\
     object-src 'none' ;                                                             /* These tags are not currently used by LKS */\
     style-src 'self' 'unsafe-inline' ${STYLE.SOURCES} ;                             /* We currently have a few inline <style> tags that we are weeding out */\
-    img-src 'self' data: ;                                                          /* Limit image loading locations */\
+    img-src 'self' data: ${IMAGE.SOURCES} ;                                         /* Limit image loading locations */\
     font-src 'self' data: ${FONT.SOURCES} ;                                         /* Limit font source loading locations */\
     script-src 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}' ;     /* Limit scripts that are allowed to those with nonces or transitive scripts */\
     base-uri 'self' ;                                                               /* Limit the base tags to only source from current server */\