bridges.tpo CSP header doesn't allow to visualize SVG images
polyanthum's apache has the following rule for bridges.torproject.org:
Header always set Content-Security-Policy "default-src 'none'; base-uri 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self';"
In firefox and TB this blocks the rendering of SVG images. I think we need to replace the style-src 'self' for 'unsafe-inline', but I'm not an expert on CSP and I haven't really tested it.