Merge branch 'connect-src' into 'develop'
Add blob: to connect-src CSP, fixes #1827 Closes #1827 See merge request pleroma/pleroma!2608
This commit is contained in:
commit
660d49227b
@ -44,6 +44,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
|||||||
- Fix follower/blocks import when nicknames starts with @
|
- Fix follower/blocks import when nicknames starts with @
|
||||||
- Filtering of push notifications on activities from blocked domains
|
- Filtering of push notifications on activities from blocked domains
|
||||||
- Resolving Peertube accounts with Webfinger
|
- Resolving Peertube accounts with Webfinger
|
||||||
|
- `blob:` urls not being allowed by connect-src CSP
|
||||||
|
|
||||||
## [Unreleased (patch)]
|
## [Unreleased (patch)]
|
||||||
|
|
||||||
|
@ -78,7 +78,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
|
|||||||
{img_src, media_src}
|
{img_src, media_src}
|
||||||
end
|
end
|
||||||
|
|
||||||
connect_src = ["connect-src 'self' ", static_url, ?\s, websocket_url]
|
connect_src = ["connect-src 'self' blob: ", static_url, ?\s, websocket_url]
|
||||||
|
|
||||||
connect_src =
|
connect_src =
|
||||||
if Pleroma.Config.get(:env) == :dev do
|
if Pleroma.Config.get(:env) == :dev do
|
||||||
|
Loading…
Reference in New Issue
Block a user