GitHub README Images Broken - "violates the following Content Security Policy directive: "img-src 'self'"

SO Community,

I use embedded images (icons, screenshots, etc.) in my GitHub repo READMEs and noticed today that all my images are now broken when they were previously working not that long ago (about a week or so). Some developer friends' repos are showing the same symptoms and browser console errors:

Refused to load the image 'https://raw.githubusercontent.com.x.912eb622002e804d2d0bc98027f64e5bb4af.9270fa5c.id.opendns.com/s/raw.githubusercontent.com/terrencemm2/terrencemm2/main/assets/japanese_flag.png?X-OpenDNS-Session=_912eb622002e804d2d0bc98027f64e5bb4af9270fa5c_MHRsNPzb_' because it violates the following Content Security Policy directive: "img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com".

NOTE: These are correct and display the correct image in a separate tab/window.

Typically, I've dedicated a separate, unmerged branch called media that contains any images I want to use in my README and then linked them like so ...

Option 1: <img> with full raw-content URL.
<img src="https://raw.githubusercontent.com/terrencemm2/terrencemm2/main/assets/azure.png" height=14 />

Option 2: <img> with relative path.
<img align="right" width="100" height="100" src="../media/logo.png?raw=true">

Option 3: Image Markdown syntax per https://guides.github.com/features/mastering-markdown/.
![Screenshot](../media/screenshot.png?raw=true)

There is 1 best solution below

The domain you're using for this URL is incorrect. Instead of raw.githubusercontent.com, you're trying to access the domain raw.githubusercontent.com.x.912eb622002e804d2d0bc98027f64e5bb4af.9270fa5c.id.opendns.com, and this is not allowed by GitHub's Content-Security-Policy header.

In all likelihood, you're on a network with a TLS man-in-the-middle device which is tampering with your data. This is insecure, and your browser is correctly refusing to load data from that location, since GitHub's Content-Security-Policy doesn't allow loading that data. You should disable this TLS tampering or contact your network administrator and inform them of this problem, asking them to promptly correct it. Short of doing that, there is no way to solve this problem.
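The host comparison behind this answer, as an added example that is not part of the original answer or GitHub's own code: a simplified matcher for the `img-src` list quoted in the console error, run against the direct and the rewritten image URLs. It compares scheme and host only (ports and paths are ignored), and the page URL `https://github.com/terrencemm2/terrencemm2` is an assumption made for illustration.

```javascript
// Added example: simplified CSP source matching (scheme + host only).
const IMG_SRC_POLICY =
  "img-src 'self' data: github.githubassets.com identicons.github.com " +
  "collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com";
const PAGE = "https://github.com/terrencemm2/terrencemm2"; // assumed page URL
const DIRECT = "https://raw.githubusercontent.com/terrencemm2/terrencemm2/main/assets/azure.png";
// Host taken from the console error; query string omitted.
const REWRITTEN =
  "https://raw.githubusercontent.com.x.912eb622002e804d2d0bc98027f64e5bb4af.9270fa5c.id.opendns.com" +
  "/s/raw.githubusercontent.com/terrencemm2/terrencemm2/main/assets/japanese_flag.png";

// Return the source expressions of one directive from a policy string.
function directiveSources(policy, name) {
  for (const directive of policy.split(";")) {
    const [head, ...sources] = directive.trim().split(/\s+/);
    if (head.toLowerCase() === name) return sources;
  }
  return [];
}

// Does `host` match a host-source expression such as "a.example" or "*.example"?
function hostMatches(expr, host) {
  expr = expr.toLowerCase();
  host = host.toLowerCase();
  // Wildcard: the host must END with ".example". An allowed name that is only
  // a prefix of a longer host name (the rewritten URL's case) does not match.
  if (expr.startsWith("*.")) return host.endsWith(expr.slice(1));
  return host === expr;
}

// Decide whether `imageUrl` may load on `pageUrl` under `policy`.
function imgAllowed(policy, pageUrl, imageUrl) {
  const page = new URL(pageUrl);
  const img = new URL(imageUrl, page); // also resolves relative paths
  return directiveSources(policy, "img-src").some((src) => {
    if (src === "'self'") return img.origin === page.origin;
    if (src.endsWith(":")) return img.protocol === src.toLowerCase(); // e.g. data:
    if (src.startsWith("'")) return false; // other keywords are not modelled
    // Simplification: a scheme-less host-source matches the page's own scheme
    // or an upgrade to https.
    const schemeOk = img.protocol === page.protocol || img.protocol === "https:";
    return schemeOk && hostMatches(src, img.hostname);
  });
}

console.log("direct:   ", imgAllowed(IMG_SRC_POLICY, PAGE, DIRECT));
console.log("rewritten:", imgAllowed(IMG_SRC_POLICY, PAGE, REWRITTEN));
```

The rewritten URL fails because its registrable domain is `opendns.com`; `raw.githubusercontent.com` appears only as leading labels of that host name, which `*.githubusercontent.com` does not cover.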