authorAlex Gleason <alex@alexgleason.me>2020-04-26 00:28:57 -0500
committerrinpatch <rinpatch@sdf.org>2020-05-01 00:40:09 +0300
commit6e0b046771304bb8b733cebecc20a31a4df5e616 (patch)
tree8fa9b11bef52cfaa97a090cabf95e9e1c226c7d5
parent78391a00c579696b1555bbe5373e128b932cfc3f (diff)
Let blob: pass CSP
-rw-r--r--docs/configuration/hardening.md2
-rw-r--r--lib/pleroma/plugs/http_security_plug.ex2
2 files changed, 2 insertions, 2 deletions
diff --git a/docs/configuration/hardening.md b/docs/configuration/hardening.md
index b54c28850..d3bfc4e4a 100644
--- a/docs/configuration/hardening.md
+++ b/docs/configuration/hardening.md
@@ -36,7 +36,7 @@ content-security-policy:
default-src 'none';
base-uri 'self';
frame-ancestors 'none';
- img-src 'self' data: https:;
+ img-src 'self' data: blob: https:;
media-src 'self' https:;
style-src 'self' 'unsafe-inline';
font-src 'self';
diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 81e6b4f2a..6462797b6 100644
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -75,7 +75,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
"default-src 'none'",
"base-uri 'self'",
"frame-ancestors 'none'",
- "img-src 'self' data: https:",
+ "img-src 'self' data: blob: https:",
"media-src 'self' https:",
"style-src 'self' 'unsafe-inline'",
"font-src 'self'",
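Review bot: The `img-src` entry now admits `blob:`, but nothing in the directive list (which starts and ends outside this hunk) records why, so a later hardening pass cannot tell whether the scheme can be dropped again. A one-line comment above the entry would cover it, for example `# blob: lets the frontend show images it builds as object URLs (name the feature that needs it)`. The widening itself looks small, since blob URLs are minted by script already running in the page's own origin and the directive already allows `data:` and `https:`. `media-src` on the following line is left without `blob:`; if the feature behind this change also handles video or audio, which the hunk does not show, it is worth confirming that this is intended.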