From 6a9d61a6dd592409444c881e2fb331f39d8b21c5 Mon Sep 17 00:00:00 2001 From: Thomas <42033351+thomasdouwes@users.noreply.github.com> Date: Tue, 6 Jun 2023 13:45:17 +0100 Subject: [PATCH] Add media-src * to Content-Security-Policy header --- src/server/index.tsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/server/index.tsx b/src/server/index.tsx index 94c8e401..e220cd6e 100644 --- a/src/server/index.tsx +++ b/src/server/index.tsx @@ -38,7 +38,7 @@ if (!process.env["LEMMY_UI_DISABLE_CSP"] && !process.env["LEMMY_UI_DEBUG"]) { server.use(function (_req, res, next) { res.setHeader( "Content-Security-Policy", - `default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *` + `default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src *` ); next(); });