Merge branch 'csp-remote-media' into 'develop'
csp: load any media over https, not just local media See merge request soapbox-pub/ditto!41
commit
34b022ea51
|
@ -10,8 +10,8 @@ const csp = (): AppMiddleware => {
|
|||
'upgrade-insecure-requests',
|
||||
`script-src 'self'`,
|
||||
`connect-src 'self' blob: ${Conf.localDomain} ${wsProtocol}//${host}`,
|
||||
`media-src 'self' ${Conf.mediaDomain}`,
|
||||
`img-src 'self' data: blob: ${Conf.mediaDomain}`,
|
||||
`media-src 'self' https:`,
|
||||
`img-src 'self' data: blob: https:`,
|
||||
`default-src 'none'`,
|
||||
`base-uri 'self'`,
|
||||
`frame-ancestors 'none'`,
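Review bot: The `https:` scheme sources on `media-src` and `img-src` (the new side, going by the commit title) mean the policy no longer limits which hosts images and media are fetched from, and nothing in the visible lines records that this is intentional. With `img-src ... https:`, any injected or user-supplied markup can make the browser issue requests to arbitrary HTTPS hosts, which exposes client IPs to third parties and leaves an outbound channel that the previous `${Conf.mediaDomain}` allow-list closed. `script-src 'self'` and `connect-src` are unchanged, so script execution stays constrained. I would document the trade-off next to the directives, e.g. `// img/media allow any https origin because posts embed remote media; scripts and connections stay restricted to our own origins`, and consider whether routing remote media through the instance's own media domain would allow the narrower policy to be kept. The `csp` function starts and ends outside this hunk, so how the header is applied is not visible here.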
|
||||
|
|