From: Thomas <42033351+thomasdouwes@users.noreply.github.com>
Date: Tue, 6 Jun 2023 12:45:17 +0000 (+0100)
Subject: Add media-src * to Content-Security-Policy header
X-Git-Url: http://these/git/%7B%60%24%7BwebArchiveUrl%7D/%22%7B%7D/%22https:/hacktivis.me/%22?a=commitdiff_plain;h=6a9d61a6dd592409444c881e2fb331f39d8b21c5;p=lemmy-ui.git

Add media-src * to Content-Security-Policy header
---

diff --git a/src/server/index.tsx b/src/server/index.tsx
index 94c8e40..e220cd6 100644
--- a/src/server/index.tsx
+++ b/src/server/index.tsx
@@ -38,7 +38,7 @@ if (!process.env["LEMMY_UI_DISABLE_CSP"] && !process.env["LEMMY_UI_DEBUG"]) {
 server.use(function (_req, res, next) {
 res.setHeader(
 "Content-Security-Policy",
- `default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *`
+ `default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src *`
 );
 next();
 });
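Review bot: The added `media-src *` at the end of the policy string allows audio and video loads from any network origin, so the CSP no longer constrains media fetches at all, and nothing in the code records why. If the intent is to play media hosted on arbitrary remote servers (an inference, the hunk does not say), put a comment above the `res.setHeader(` call such as `// media-src *: posts embed audio/video from arbitrary remote hosts; "*" does not match data: or blob:`. Note the asymmetry with `img-src * data:`: the wildcard excludes `data:` and `blob:` URLs, so media played from those schemes is still blocked. If only HTTPS-hosted media is needed, `media-src https:` is a narrower directive that also keeps plain-HTTP sources out. The enclosing `if` block starts outside the hunk, so the conditions under which the header is skipped are only visible in the hunk header.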