From 6a9d61a6dd592409444c881e2fb331f39d8b21c5 Mon Sep 17 00:00:00 2001
From: Thomas <42033351+thomasdouwes@users.noreply.github.com>
Date: Tue, 6 Jun 2023 13:45:17 +0100
Subject: [PATCH] Add media-src * to Content-Security-Policy header

---
 src/server/index.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/server/index.tsx b/src/server/index.tsx
index 94c8e40..e220cd6 100644
--- a/src/server/index.tsx
+++ b/src/server/index.tsx
@@ -38,7 +38,7 @@ if (!process.env["LEMMY_UI_DISABLE_CSP"] && !process.env["LEMMY_UI_DEBUG"]) {
   server.use(function (_req, res, next) {
     res.setHeader(
       "Content-Security-Policy",
-      `default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *`
+      `default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src *`
     );
     next();
   });
-- 
2.44.1