From 9e8b28d2c838d9a689808de66bc6a799d61e985e Mon Sep 17 00:00:00 2001
From: Maksim Pechnikov <parallel588@gmail.com>
Date: Thu, 28 May 2020 21:54:37 +0300
Subject: fix CSP: img-src, media-src

---
 lib/pleroma/plugs/http_security_plug.ex | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 6462797b6..2423715aa 100644
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -50,7 +50,7 @@ defp headers do
   end
 
   defp csp_string do
-    scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme]
+    scheme = Config.get([Pleroma.Web.Endpoint, :url, :scheme])
     static_url = Pleroma.Web.Endpoint.static_url()
     websocket_url = Pleroma.Web.Endpoint.websocket_url()
     report_uri = Config.get([:http_security, :report_uri])
@@ -75,8 +75,8 @@ defp csp_string do
       "default-src 'none'",
       "base-uri 'self'",
       "frame-ancestors 'none'",
-      "img-src 'self' data: blob: https:",
-      "media-src 'self' https:",
+      "img-src 'self' data: blob: #{scheme}:",
+      "media-src 'self' #{scheme}:",
       "style-src 'self' 'unsafe-inline'",
       "font-src 'self'",
       "manifest-src 'self'",
-- 
cgit v1.2.3