From ebe7f5872617311e33dbca1f7f0d2556932c01a0 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Thu, 22 Aug 2019 11:14:01 +0200
Subject: Fix image and plugin CSP

---
 server/middlewares/csp.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/middlewares/csp.ts b/server/middlewares/csp.ts
index d484b3021..d11d70790 100644
--- a/server/middlewares/csp.ts
+++ b/server/middlewares/csp.ts
@@ -7,8 +7,8 @@ const baseDirectives = Object.assign({},
 connectSrc: ['*', 'data:'],
 mediaSrc: ["'self'", 'https:', 'blob:'],
 fontSrc: ["'self'", 'data:'],
- imgSrc: ["'self'", 'data:'],
- scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'"],
+ imgSrc: ["'self'", 'data:', 'blob:'],
+ scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'", 'blob:'],
 styleSrc: ["'self' 'unsafe-inline'"],
 objectSrc: ["'none'"], // only define to allow plugins, else let defaultSrc 'none' block it
 formAction: ["'self'"],
-- 
cgit v1.2.3
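Review bot: The new `scriptSrc` line adds `blob:` with no comment saying which feature needs it, and it widens a policy that already carries `'unsafe-inline'` and `'unsafe-eval'`, so anything on the page able to build a Blob can load it as a script. Judging by the commit title this is presumably for plugins; if so, record that next to the directive, e.g. `// blob: is needed by plugins that load scripts from Blob URLs; revisit if script-src is ever tightened`. If the only consumers turn out to be workers, a separate `workerSrc: ["'self'", 'blob:']` would keep `blob:` out of `script-src`, subject to browser support for `worker-src`. The new entry is also a separate array element while the three existing keywords share one string; writing them as `"'self'", "'unsafe-inline'", "'unsafe-eval'", 'blob:'` would make the list consistent. The `baseDirectives` object literal starts before this hunk and continues after it.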