Add media-src * to Content-Security-Policy header
authorThomas <42033351+thomasdouwes@users.noreply.github.com>
Tue, 6 Jun 2023 12:45:17 +0000 (13:45 +0100)
committerGitHub <noreply@github.com>
Tue, 6 Jun 2023 12:45:17 +0000 (13:45 +0100)
src/server/index.tsx

index 94c8e401252cf9fe75239435cd9eba3005b5e452..e220cd6e8b60f1fef1e014e8a4b8a3a2e10fb387 100644 (file)
@@ -38,7 +38,7 @@ if (!process.env["LEMMY_UI_DISABLE_CSP"] && !process.env["LEMMY_UI_DEBUG"]) {
   server.use(function (_req, res, next) {
     res.setHeader(
       "Content-Security-Policy",
-      `default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *`
+      `default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src *`
     );
     next();
   });
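Review bot: The added `media-src *` lets the page load audio and video from any host, so a viewer's browser will contact whatever origin a post's media element points at, and nothing beside the policy string records why the wildcard is needed. If instances are expected to be served over TLS, `media-src https:` would presumably keep remote media working while excluding plain-http sources. Otherwise keep `*` and add a comment above the `res.setHeader` call, for example `// media-src *: user posts may reference audio/video on other hosts; * does not match data: or blob:`. The enclosing `if` block opens in the hunk header and closes outside the hunk, so whether the header is adjusted elsewhere is not visible here.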