commit: d23b3701d8f1341f3e4565d35ffa0c25b83af51d
parent: 32ba2b7f9f5a285e76160f0a1317fcaaae49e27e
Author: rinpatch <rinpatch@sdf.org>
Date: Fri, 29 May 2020 21:23:49 +0000
Merge branch 'bugfix/csp-unproxied' into 'develop'
http_security_plug.ex: Fix non-proxied media
See merge request pleroma/pleroma!2610
Diffstat:
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
@@ -75,7 +75,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
sources = get_proxy_and_attachment_sources()
{[img_src, sources], [media_src, sources]}
else
- {img_src, media_src}
+ {[img_src, " https:"], [media_src, " https:"]}
end
connect_src = ["connect-src 'self' blob: ", static_url, ?\s, websocket_url]