Merge branch 'bugfix/csp-unproxied' into 'develop'

http_security_plug.ex: Fix non-proxied media

See merge request pleroma/pleroma!2610

diff --cc lib/pleroma/plugs/http_security_plug.ex
index 41e3a31f43a39c355b3e251e993f452b67395539,58907253558c8a2656f31b72e808f0de0db34ccf..6a339b32ca2e2b5491f992aca5dff5317eb1fc00
--- 1/lib/pleroma/plugs/http_security_plug.ex
--- 2/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@@ -75,10 -75,10 +75,10 @@@ defmodule Pleroma.Plugs.HTTPSecurityPlu
          sources = get_proxy_and_attachment_sources()
          {[img_src, sources], [media_src, sources]}
        else
-         {img_src, media_src}
+         {[img_src, " https:"], [media_src, " https:"]}
        end
  
 -    connect_src = ["connect-src 'self' ", static_url, ?\s, websocket_url]
 +    connect_src = ["connect-src 'self' blob: ", static_url, ?\s, websocket_url]
  
      connect_src =
        if Pleroma.Config.get(:env) == :dev do