X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fcsp.ts;h=d11d7079006658cffe03a5b6f9988cbca08c92e9;hb=f2f0eda543ab54eec0f6bcdd8ccf6e382d5cafb6;hp=d484b3021db323a5f68b5f5e29daa7ba3b11ce18;hpb=97567dd81f508dd6295ac4d73d849aa2ce0a6549;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/middlewares/csp.ts b/server/middlewares/csp.ts
index d484b3021..d11d70790 100644
--- a/server/middlewares/csp.ts
+++ b/server/middlewares/csp.ts
@@ -7,8 +7,8 @@ const baseDirectives = Object.assign({},
     connectSrc: ['*', 'data:'],
     mediaSrc: ["'self'", 'https:', 'blob:'],
     fontSrc: ["'self'", 'data:'],
-    imgSrc: ["'self'", 'data:'],
-    scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'"],
+    imgSrc: ["'self'", 'data:', 'blob:'],
+    scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'", 'blob:'],
     styleSrc: ["'self' 'unsafe-inline'"],
     objectSrc: ["'none'"], // only define to allow plugins, else let defaultSrc 'none' block it
     formAction: ["'self'"],