Merge branch 'release/1.4.0' into develop

author: Chocobozzz <me@florianbigard.com> 2019-08-22 14:46:47 +0200
committer: Chocobozzz <me@florianbigard.com> 2019-08-22 14:46:47 +0200
commit: d5c8932a601c1854db0a2e399ccaf26e17385f1a (patch)
tree: 8c38f9d7772c6a2d22dbeb84a7c4de6aaf345aeb /server/middlewares/csp.ts
parent: 2a8ae7595c1b7853c47955b4b9ecb4a7f7a68fc0 (diff)
parent: 820546916cad3ae4cc51eab408aef7bbaff3632f (diff)
download: PeerTube-d5c8932a601c1854db0a2e399ccaf26e17385f1a.tar.gz
PeerTube-d5c8932a601c1854db0a2e399ccaf26e17385f1a.tar.zst
PeerTube-d5c8932a601c1854db0a2e399ccaf26e17385f1a.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/server/middlewares/csp.ts b/server/middlewares/csp.ts
index d484b3021..d11d70790 100644
--- a/server/middlewares/csp.ts
+++ b/server/middlewares/csp.ts
@@ -7,8 +7,8 @@ const baseDirectives = Object.assign({},
    connectSrc: ['*', 'data:'],
    mediaSrc: ["'self'", 'https:', 'blob:'],
    fontSrc: ["'self'", 'data:'],
-    imgSrc: ["'self'", 'data:'],
+    imgSrc: ["'self'", 'data:', 'blob:'],
-    scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'"],
+    scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'", 'blob:'],
    styleSrc: ["'self' 'unsafe-inline'"],
    objectSrc: ["'none'"], // only define to allow plugins, else let defaultSrc 'none' block it
    formAction: ["'self'"],
author	Chocobozzz <me@florianbigard.com>	2019-08-22 14:46:47 +0200
committer	Chocobozzz <me@florianbigard.com>	2019-08-22 14:46:47 +0200
commit	d5c8932a601c1854db0a2e399ccaf26e17385f1a (patch)
tree	8c38f9d7772c6a2d22dbeb84a7c4de6aaf345aeb /server/middlewares/csp.ts
parent	2a8ae7595c1b7853c47955b4b9ecb4a7f7a68fc0 (diff)
parent	820546916cad3ae4cc51eab408aef7bbaff3632f (diff)
download	PeerTube-d5c8932a601c1854db0a2e399ccaf26e17385f1a.tar.gz PeerTube-d5c8932a601c1854db0a2e399ccaf26e17385f1a.tar.zst PeerTube-d5c8932a601c1854db0a2e399ccaf26e17385f1a.zip

diff --git a/server/middlewares/csp.ts b/server/middlewares/csp.ts index d484b3021..d11d70790 100644 --- a/server/middlewares/csp.ts +++ b/server/middlewares/csp.ts
@@ -7,8 +7,8 @@ const baseDirectives = Object.assign({},
7	connectSrc: ['*', 'data:'],	7	connectSrc: ['*', 'data:'],
8	mediaSrc: ["'self'", 'https:', 'blob:'],	8	mediaSrc: ["'self'", 'https:', 'blob:'],
9	fontSrc: ["'self'", 'data:'],	9	fontSrc: ["'self'", 'data:'],
10	imgSrc: ["'self'", 'data:'],	10	imgSrc: ["'self'", 'data:', 'blob:'],
11	scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'"],	11	scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'", 'blob:'],
12	styleSrc: ["'self' 'unsafe-inline'"],	12	styleSrc: ["'self' 'unsafe-inline'"],
13	objectSrc: ["'none'"], // only define to allow plugins, else let defaultSrc 'none' block it	13	objectSrc: ["'none'"], // only define to allow plugins, else let defaultSrc 'none' block it
14	formAction: ["'self'"],	14	formAction: ["'self'"],