commit: 01cc93b6873b5c50c0fc54774a3b004bf660e46b
parent dbc4791d9d53c09dc0e6183b74924063e0a90dc6
Author: rinpatch <rinpatch@sdf.org>
Date: Sun, 26 Apr 2020 11:39:17 +0000
Merge branch 'img-src-blob' into 'develop'
Let blob: pass CSP
See merge request pleroma/pleroma!2427
Diffstat:
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/configuration/hardening.md b/docs/configuration/hardening.md
@@ -36,7 +36,7 @@ content-security-policy:
default-src 'none';
base-uri 'self';
frame-ancestors 'none';
- img-src 'self' data: https:;
+ img-src 'self' data: blob: https:;
media-src 'self' https:;
style-src 'self' 'unsafe-inline';
font-src 'self';
diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
@@ -75,7 +75,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
"default-src 'none'",
"base-uri 'self'",
"frame-ancestors 'none'",
- "img-src 'self' data: https:",
+ "img-src 'self' data: blob: https:",
"media-src 'self' https:",
"style-src 'self' 'unsafe-inline'",
"font-src 'self'",
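Review bot: The new `blob:` source in the `img-src` entry has no comment saying why it is allowed, so a later hardening pass cannot tell whether it is still needed or safe to drop. Above that line I would add `# blob: permits images loaded from object URLs created by same-origin script; keep in sync with docs/configuration/hardening.md`, with the actual frontend feature named if it is known, since the hunk does not show it. The policy is now maintained in two places (this list and the nginx example in the docs), and the comment is the only thing that tells the next editor to update both. `media-src` on the following line still lacks `blob:`; if the frontend plays locally created video or audio the same way, that would presumably be blocked, so it is worth confirming this is intentional. The enclosing function starts and ends outside the hunk.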