Add blob: to connect-src CSP

This commit is contained in:
Alex Gleason 2020-05-29 10:33:31 -05:00
parent 9848978109
commit d38f28870e
No known key found for this signature in database
GPG key ID: 7211D1F99744FBB7
2 changed files with 2 additions and 1 deletions

View file

@ -44,6 +44,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Fix follower/blocks import when nicknames starts with @
- Filtering of push notifications on activities from blocked domains
- Resolving Peertube accounts with Webfinger
- `blob:` urls not being allowed by connect-src CSP
## [Unreleased (patch)]

View file

@ -78,7 +78,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
{img_src, media_src}
end
connect_src = ["connect-src 'self' ", static_url, ?\s, websocket_url]
connect_src = ["connect-src 'self' blob: ", static_url, ?\s, websocket_url]
connect_src =
if Pleroma.Config.get(:env) == :dev do