Custom logo is blocked NotSameOriginAfterDefaultedToSameOriginByCoep


We are using a SonarQube v10.5.1 docker image deployed in AWS ECS. We have customized the logo using sonar.lf.logoUrl setting that points to an image on a different domain. It used to work until recently, but now the image is no longer displayed and I see the following error in the browser’s console:

net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep 200 (OK)

Any thoughts?


Welcome to the community!

Yeah… We broke that. It’ll be fixed in 10.6.


1 Like

Thanks for confirming. Looking forward to 10.6.

1 Like

@ganncamp Just to confirm. Will this also affect using SonarQube badges in GitLab (GitLab badges)?

What is the release date for 10.6?



Sorry for being too lazy to look up the ticket last time. Here it is:

SONAR-22149 Make Cross-Origin-Resource-Policy less restrictive

Yes, Jimisola it may also be affecting PR decoration images.

Look for 10.6 in ~1mo.


@ganncamp Considering that this does not only affect sonar.lf.logoUrl and that there is no workaround in the issue tracker, is there any chance of reconsidering including in a patch for 10.5? Our GitLab, documentation etc does not look good at all thanks to this error.

Not to mention that it is has priority set to “Critical”…

Hi Jimisola,

It’s not my decision, so nothing for me to consider. And I can tell you that since it’s “purely” cosmetic, there’s about a snowball’s chance.


Ok. That’s too bad. Does it still count as cosmetic if we include them in our documentation/reports? :wink:

FYI, you can use base64 encoded image in sonar.lf.logoUrl:


1 Like