From: shibayashi <shibayashi@cypherpunk.observer>
Date: Mon, 26 Nov 2018 19:48:24 +0000 (+0100)
Subject: Add manifest-src to allow manifest.json
X-Git-Url: http://git.squeep.com/?a=commitdiff_plain;h=591b11eafcc49a7812390a03d29596b4a96ad5f8;p=akkoma

Add manifest-src to allow manifest.json
---

diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 31c7332f8..84d6506e3 100644
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -39,6 +39,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
       "font-src 'self'",
       "script-src 'self'",
       "connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
+      "manifest-src 'self'",
       "upgrade-insecure-requests"
     ]
     |> Enum.join("; ")