authorAlex Gleason <alex@alexgleason.me>2020-04-26 00:28:57 -0500
committerAlex Gleason <alex@alexgleason.me>2020-04-26 00:29:42 -0500
commit1bd9749a8f31e5f087b0d0ca75b13f4baf461997 (patch)
tree4ab6f2a20584d95a8c99127d88169c07b4be1298
parentdbc4791d9d53c09dc0e6183b74924063e0a90dc6 (diff)
Let blob: pass CSP
-rw-r--r--docs/configuration/hardening.md2
-rw-r--r--lib/pleroma/plugs/http_security_plug.ex2
2 files changed, 2 insertions, 2 deletions
diff --git a/docs/configuration/hardening.md b/docs/configuration/hardening.md
index b54c28850..d3bfc4e4a 100644
--- a/docs/configuration/hardening.md
+++ b/docs/configuration/hardening.md
@@ -36,7 +36,7 @@ content-security-policy:
default-src 'none';
base-uri 'self';
frame-ancestors 'none';
- img-src 'self' data: https:;
+ img-src 'self' data: blob: https:;
media-src 'self' https:;
style-src 'self' 'unsafe-inline';
font-src 'self';
diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 81e6b4f2a..6462797b6 100644
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -75,7 +75,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
"default-src 'none'",
"base-uri 'self'",
"frame-ancestors 'none'",
- "img-src 'self' data: https:",
+ "img-src 'self' data: blob: https:",
"media-src 'self' https:",
"style-src 'self' 'unsafe-inline'",
"font-src 'self'",
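Review bot: The `blob:` source added to the `img-src` entry has no comment saying which feature depends on it, and an unexplained CSP relaxation is hard to audit or retire later. A one-line comment beside the entry would cover it, for example `# blob: allows images the frontend builds client-side as object URLs (confirm which feature needs it)`. The added exposure looks small, since this directive already admits `data:` and any `https:` source and blob URLs are minted by script already running in the page. The `media-src` entry on the next line is still `'self' https:`, so if the same client-side path also produces video or audio blobs (not visible here), those would remain blocked. The directive list starts and ends outside this hunk.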