projects / akkoma / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 78391a0)
Let blob: pass CSP
authorAlex Gleason <alex@alexgleason.me>
Sun, 26 Apr 2020 05:28:57 +0000 (00:28 -0500)
committerrinpatch <rinpatch@sdf.org>
Thu, 30 Apr 2020 21:40:09 +0000 (00:40 +0300)
docs/configuration/hardening.md patch | blob | history
lib/pleroma/plugs/http_security_plug.ex patch | blob | history

diff --git a/docs/configuration/hardening.md b/docs/configuration/hardening.md
index b54c28850d04e93d2e245e9bca3263ed20558a3a..d3bfc4e4a692abb34f8fbc038136d876d39ae186 100644 (file)
--- a/docs/configuration/hardening.md
+++ b/docs/configuration/hardening.md
@@ -36,7 +36,7 @@ content-security-policy:
   default-src 'none';
   base-uri 'self';
   frame-ancestors 'none';
-  img-src 'self' data: https:;
+  img-src 'self' data: blob: https:;
   media-src 'self' https:;
   style-src 'self' 'unsafe-inline';
   font-src 'self';
diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 81e6b4f2a36c04bc3b693582384c46090be11bc8..6462797b635787d39160b192c80d857e462c1482 100644 (file)
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -75,7 +75,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
       "default-src 'none'",
       "base-uri 'self'",
       "frame-ancestors 'none'",
-      "img-src 'self' data: https:",
+      "img-src 'self' data: blob: https:",
       "media-src 'self' https:",
       "style-src 'self' 'unsafe-inline'",
       "font-src 'self'",
Fork of https://akkoma.dev/AkkomaGang/akkoma.git