Let blob: pass CSP

2020-04-26 00:28:57 -05:00 · 2020-04-26 00:28:57 -05:00 · 1bd9749a8f
parent dbc4791d9d
commit 1bd9749a8f
2 changed files with 2 additions and 2 deletions
--- a/docs/configuration/hardening.md
+++ b/docs/configuration/hardening.md
@ -36,7 +36,7 @@ content-security-policy:
  default-src 'none';
  base-uri 'self';
  frame-ancestors 'none';
-  img-src 'self' data: https:;
+  img-src 'self' data: blob: https:;
  media-src 'self' https:;
  style-src 'self' 'unsafe-inline';
  font-src 'self';
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@ -75,7 +75,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
      "default-src 'none'",
      "base-uri 'self'",
      "frame-ancestors 'none'",
-      "img-src 'self' data: https:",
+      "img-src 'self' data: blob: https:",
      "media-src 'self' https:",
      "style-src 'self' 'unsafe-inline'",
      "font-src 'self'",