Fix image and plugin CSP

pull/2073/head
Chocobozzz 2019-08-22 11:14:01 +02:00
parent 217ffacfdd
commit ebe7f58726
No known key found for this signature in database
GPG Key ID: 583A612D890159BE
1 changed files with 2 additions and 2 deletions

View File

@ -7,8 +7,8 @@ const baseDirectives = Object.assign({},
connectSrc: ['*', 'data:'],
mediaSrc: ["'self'", 'https:', 'blob:'],
fontSrc: ["'self'", 'data:'],
imgSrc: ["'self'", 'data:'],
scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'"],
imgSrc: ["'self'", 'data:', 'blob:'],
scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'", 'blob:'],
styleSrc: ["'self' 'unsafe-inline'"],
objectSrc: ["'none'"], // only define to allow plugins, else let defaultSrc 'none' block it
formAction: ["'self'"],