Add media-src * to Content-Security-Policy header

author Thomas <42033351+thomasdouwes@users.noreply.github.com>

Tue, 6 Jun 2023 12:45:17 +0000 (13:45 +0100)

committer GitHub <noreply@github.com>

Tue, 6 Jun 2023 12:45:17 +0000 (13:45 +0100)
author Thomas <42033351+thomasdouwes@users.noreply.github.com>
Tue, 6 Jun 2023 12:45:17 +0000 (13:45 +0100)
committer GitHub <noreply@github.com>
Tue, 6 Jun 2023 12:45:17 +0000 (13:45 +0100)
diff --git a/src/server/index.tsx b/src/server/index.tsx

index 94c8e401252cf9fe75239435cd9eba3005b5e452..e220cd6e8b60f1fef1e014e8a4b8a3a2e10fb387 100644 (file)
--- a/src/server/index.tsx
+++ b/src/server/index.tsx
@@ -38,7 +38,7 @@ if (!process.env["LEMMY_UI_DISABLE_CSP"] && !process.env["LEMMY_UI_DEBUG"]) {
    server.use(function (_req, res, next) {
      res.setHeader(
        "Content-Security-Policy",
-      `default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *`
+      `default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src *`
      );
      next();
    });
author	Thomas <42033351+thomasdouwes@users.noreply.github.com>
	Tue, 6 Jun 2023 12:45:17 +0000 (13:45 +0100)
committer	GitHub <noreply@github.com>
	Tue, 6 Jun 2023 12:45:17 +0000 (13:45 +0100)