Adapt feeds content-type to accept header

[github/Chocobozzz/PeerTube.git] / server / middlewares / csp.ts

diff --git a/server/middlewares/csp.ts b/server/middlewares/csp.ts
index 404e33b43c503193ce4cea3654dfc5d0e0995663..d11d7079006658cffe03a5b6f9988cbca08c92e9 100644 (file)
--- a/server/middlewares/csp.ts
+++ b/server/middlewares/csp.ts
@@ -1,5 +1,5 @@
 import * as helmet from 'helmet'
-import { CONFIG } from '../initializers/constants'
+import { CONFIG } from '../initializers/config'
 
 const baseDirectives = Object.assign({},
   {
@@ -7,8 +7,8 @@ const baseDirectives = Object.assign({},
     connectSrc: ['*', 'data:'],
     mediaSrc: ["'self'", 'https:', 'blob:'],
     fontSrc: ["'self'", 'data:'],
-    imgSrc: ["'self'", 'data:'],
-    scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'"],
+    imgSrc: ["'self'", 'data:', 'blob:'],
+    scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'", 'blob:'],
     styleSrc: ["'self' 'unsafe-inline'"],
     objectSrc: ["'none'"], // only define to allow plugins, else let defaultSrc 'none' block it
     formAction: ["'self'"],