X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fplugs%2Fhttp_security_plug.ex;h=6462797b635787d39160b192c80d857e462c1482;hb=2c4844237f294d27f58737f9694f77b1cfcb10e7;hp=0ba412699fcaa27cc1a33bc7611b7628568a4d81;hpb=2bd4d6289bdc01dec69756c5e1ebca551fe3a6e7;p=akkoma
diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 0ba412699..6462797b6 100644
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors
+# Copyright © 2017-2020 Pleroma Authors
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Plugs.HTTPSecurityPlug do
@@ -75,7 +75,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
 "default-src 'none'",
 "base-uri 'self'",
 "frame-ancestors 'none'",
- "img-src 'self' data: https:",
+ "img-src 'self' data: blob: https:",
 "media-src 'self' https:",
 "style-src 'self' 'unsafe-inline'",
 "font-src 'self'",
@@ -129,8 +129,8 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
 izAotX7777777777777777777777777777777777777777Y7n92: .;CoIIIIIUAA666666699999ZZZZZZZZZZZZZZZZZZZZ6ov.
-
-HTTP Security is disabled. Add this line to your config to enable it:
+HTTP Security is disabled. Please re-enable it to prevent users from attacking
+your instance and your users via malicious posts:
 config :pleroma, :http_security, enabled: true ")
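Review bot: The `blob:` source added to `img-src` in the `@@ -75,7 +75,7 @@` hunk carries no comment saying which feature needs it, so a later tightening of the policy cannot tell whether it is still required. `blob:` URLs are created by script already running in the page, so the added exposure is small next to the existing `data:` and `https:` entries, but the reason should be recorded above the entry, e.g. `# blob: is required for images the front end builds client-side (TODO: name the feature)`. `media-src` on the following line is left without `blob:`; if the same client-side objects can be audio or video, it would presumably need the matching entry. The directive list starts and ends outside the hunk, so any other copy of this policy is not visible here.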
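Review bot: The reworded warning in the `@@ -129,8 +129,8 @@` hunk uses "users" for both the attacker and the victim ("prevent users from attacking your instance and your users"), which blurs the threat it is trying to describe. Since the risk named is content-borne, wording such as `HTTP Security is disabled. Please re-enable it to prevent malicious posts from` / `being used to attack your instance and its users:` states it more directly. "re-enable" also assumes the operator turned the setting off on purpose; a brief mention of what is lost (the security response headers this plug sets) would help someone who inherited the config. The enclosing call and the code that decides when the warning is logged are outside the hunk.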