Fix image and plugin CSP

author Chocobozzz <me@florianbigard.com>

Thu, 22 Aug 2019 09:14:01 +0000 (11:14 +0200)

committer Chocobozzz <me@florianbigard.com>

Thu, 22 Aug 2019 09:14:01 +0000 (11:14 +0200)
author Chocobozzz <me@florianbigard.com>
Thu, 22 Aug 2019 09:14:01 +0000 (11:14 +0200)
committer Chocobozzz <me@florianbigard.com>
Thu, 22 Aug 2019 09:14:01 +0000 (11:14 +0200)
diff --git a/server/middlewares/csp.ts b/server/middlewares/csp.ts

index d484b3021db323a5f68b5f5e29daa7ba3b11ce18..d11d7079006658cffe03a5b6f9988cbca08c92e9 100644 (file)
--- a/server/middlewares/csp.ts
+++ b/server/middlewares/csp.ts
@@ -7,8 +7,8 @@ const baseDirectives = Object.assign({},
      connectSrc: ['*', 'data:'],
      mediaSrc: ["'self'", 'https:', 'blob:'],
      fontSrc: ["'self'", 'data:'],
-    imgSrc: ["'self'", 'data:'],
-    scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'"],
+    imgSrc: ["'self'", 'data:', 'blob:'],
+    scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'", 'blob:'],
      styleSrc: ["'self' 'unsafe-inline'"],
      objectSrc: ["'none'"], // only define to allow plugins, else let defaultSrc 'none' block it
      formAction: ["'self'"],
author	Chocobozzz <me@florianbigard.com>
	Thu, 22 Aug 2019 09:14:01 +0000 (11:14 +0200)
committer	Chocobozzz <me@florianbigard.com>
	Thu, 22 Aug 2019 09:14:01 +0000 (11:14 +0200)