keep the websocket url for all modescsp-flash

author: Henry Jameson <me@hjkos.com> 2023-05-07 15:34:17 +0300
committer: Henry Jameson <me@hjkos.com> 2023-05-07 15:34:17 +0300
commit: 2a07411b0cb14ea26966659605d95074b02a8538 (patch)
tree: c2c13fc0ffdb664201f2d30f309a71d5ecfe1f00
parent: f50fd9278fd36e6bd3ae36bb7f5033d9fd8a84ac (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex
index b189d5bfd..b3dc8a3a6 100644
--- a/lib/pleroma/web/plugs/http_security_plug.ex
+++ b/lib/pleroma/web/plugs/http_security_plug.ex
@@ -93,7 +93,7 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
 
     img_src = "img-src 'self' data: blob:"
     media_src = "media-src 'self'"
-    connect_src = "connect-src 'self' blob:"
+    connect_src = ["connect-src 'self' blob: ", ?\s, websocket_url]
 
     # Strict multimedia CSP enforcement only when MediaProxy is enabled
     {img_src, media_src, connect_src} =
@@ -103,7 +103,7 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
         {
           [img_src, sources],
           [media_src, sources],
-          [connect_src, sources, ?\s, websocket_url]
+          [connect_src, sources]
         }
       else
         {
author	Henry Jameson <me@hjkos.com>	2023-05-07 15:34:17 +0300
committer	Henry Jameson <me@hjkos.com>	2023-05-07 15:34:17 +0300
commit	2a07411b0cb14ea26966659605d95074b02a8538 (patch)
tree	c2c13fc0ffdb664201f2d30f309a71d5ecfe1f00
parent	f50fd9278fd36e6bd3ae36bb7f5033d9fd8a84ac (diff)