Let blob: pass CSP
This commit is contained in:
parent
78391a00c5
commit
6e0b046771
2 changed files with 2 additions and 2 deletions
|
@ -36,7 +36,7 @@ content-security-policy:
|
||||||
default-src 'none';
|
default-src 'none';
|
||||||
base-uri 'self';
|
base-uri 'self';
|
||||||
frame-ancestors 'none';
|
frame-ancestors 'none';
|
||||||
img-src 'self' data: https:;
|
img-src 'self' data: blob: https:;
|
||||||
media-src 'self' https:;
|
media-src 'self' https:;
|
||||||
style-src 'self' 'unsafe-inline';
|
style-src 'self' 'unsafe-inline';
|
||||||
font-src 'self';
|
font-src 'self';
|
||||||
|
|
|
@ -75,7 +75,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
|
||||||
"default-src 'none'",
|
"default-src 'none'",
|
||||||
"base-uri 'self'",
|
"base-uri 'self'",
|
||||||
"frame-ancestors 'none'",
|
"frame-ancestors 'none'",
|
||||||
"img-src 'self' data: https:",
|
"img-src 'self' data: blob: https:",
|
||||||
"media-src 'self' https:",
|
"media-src 'self' https:",
|
||||||
"style-src 'self' 'unsafe-inline'",
|
"style-src 'self' 'unsafe-inline'",
|
||||||
"font-src 'self'",
|
"font-src 'self'",
|
||||||
|
|
Loading…
Reference in a new issue