Fix image and plugin CSP

2019-08-22 11:14:01 +02:00 · 2019-08-22 11:14:01 +02:00 · ebe7f58726
parent 217ffacfdd
commit ebe7f58726
1 changed files with 2 additions and 2 deletions
--- a/server/middlewares/csp.ts
+++ b/server/middlewares/csp.ts
@ -7,8 +7,8 @@ const baseDirectives = Object.assign({},
    connectSrc: ['*', 'data:'],
    mediaSrc: ["'self'", 'https:', 'blob:'],
    fontSrc: ["'self'", 'data:'],
-    imgSrc: ["'self'", 'data:'],
+    imgSrc: ["'self'", 'data:', 'blob:'],
-    scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'"],
+    scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'", 'blob:'],
    styleSrc: ["'self' 'unsafe-inline'"],
    objectSrc: ["'none'"], // only define to allow plugins, else let defaultSrc 'none' block it
    formAction: ["'self'"],