authorrinpatch <rinpatch@sdf.org>2020-04-26 11:39:17 +0000
committerrinpatch <rinpatch@sdf.org>2020-04-26 11:39:17 +0000
commit01cc93b6873b5c50c0fc54774a3b004bf660e46b (patch)
tree4ab6f2a20584d95a8c99127d88169c07b4be1298
parentdbc4791d9d53c09dc0e6183b74924063e0a90dc6 (diff)
parent1bd9749a8f31e5f087b0d0ca75b13f4baf461997 (diff)
Merge branch 'img-src-blob' into 'develop'
Let blob: pass CSP See merge request pleroma/pleroma!2427
-rw-r--r--docs/configuration/hardening.md2
-rw-r--r--lib/pleroma/plugs/http_security_plug.ex2
2 files changed, 2 insertions, 2 deletions
diff --git a/docs/configuration/hardening.md b/docs/configuration/hardening.md
index b54c28850..d3bfc4e4a 100644
--- a/docs/configuration/hardening.md
+++ b/docs/configuration/hardening.md
@@ -36,7 +36,7 @@ content-security-policy:
default-src 'none';
base-uri 'self';
frame-ancestors 'none';
- img-src 'self' data: https:;
+ img-src 'self' data: blob: https:;
media-src 'self' https:;
style-src 'self' 'unsafe-inline';
font-src 'self';
diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 81e6b4f2a..6462797b6 100644
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -75,7 +75,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
"default-src 'none'",
"base-uri 'self'",
"frame-ancestors 'none'",
- "img-src 'self' data: https:",
+ "img-src 'self' data: blob: https:",
"media-src 'self' https:",
"style-src 'self' 'unsafe-inline'",
"font-src 'self'",
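Review bot: The added `blob:` source in the `img-src` entry carries no comment saying why it is needed, so a later hardening pass cannot tell whether it can be dropped or must stay. I would put a line above the entry such as `# blob: allows images the frontend creates as in-browser object URLs (presumably upload previews; confirm); img-src only, never add it to script-src`. The risk here is limited, since `img-src` already admits `data:` and any `https:` origin and images do not execute, but the same scheme in a script or worker directive would let page-generated content run as code, which is worth spelling out next to the entry. The directive list starts and ends outside the hunk, so I cannot see whether a `script-src` or `worker-src` entry follows.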