Merge branch 'img-src-blob' into 'develop'
Let blob: pass CSP See merge request pleroma/pleroma!2427
This commit is contained in:
commit
01cc93b687
|
@ -36,7 +36,7 @@ content-security-policy:
|
||||||
default-src 'none';
|
default-src 'none';
|
||||||
base-uri 'self';
|
base-uri 'self';
|
||||||
frame-ancestors 'none';
|
frame-ancestors 'none';
|
||||||
img-src 'self' data: https:;
|
img-src 'self' data: blob: https:;
|
||||||
media-src 'self' https:;
|
media-src 'self' https:;
|
||||||
style-src 'self' 'unsafe-inline';
|
style-src 'self' 'unsafe-inline';
|
||||||
font-src 'self';
|
font-src 'self';
|
||||||
|
|
|
@ -75,7 +75,7 @@ defp csp_string do
|
||||||
"default-src 'none'",
|
"default-src 'none'",
|
||||||
"base-uri 'self'",
|
"base-uri 'self'",
|
||||||
"frame-ancestors 'none'",
|
"frame-ancestors 'none'",
|
||||||
"img-src 'self' data: https:",
|
"img-src 'self' data: blob: https:",
|
||||||
"media-src 'self' https:",
|
"media-src 'self' https:",
|
||||||
"style-src 'self' 'unsafe-inline'",
|
"style-src 'self' 'unsafe-inline'",
|
||||||
"font-src 'self'",
|
"font-src 'self'",
|
||||||
|
|
Loading…
Reference in a new issue