diff options
| author | Haelwenn <contact+git.pleroma.social@hacktivis.me> | 2023-08-16 13:34:32 +0000 |
|---|---|---|
| committer | Haelwenn <contact+git.pleroma.social@hacktivis.me> | 2023-08-16 13:34:32 +0000 |
| commit | d838d1990bf23d452c1cc830629e42e51dbd7047 (patch) | |
| tree | cbc5f40ce914c306d33a26372fb5b6982d66b30a | |
| parent | 2a07411b0cb14ea26966659605d95074b02a8538 (diff) | |
| download | pleroma-d838d1990bf23d452c1cc830629e42e51dbd7047.tar.gz pleroma-d838d1990bf23d452c1cc830629e42e51dbd7047.zip | |
Apply lanodan's suggestion(s) to 1 file(s)
| -rw-r--r-- | lib/pleroma/web/plugs/http_security_plug.ex | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex index b3dc8a3a6..a3166bc96 100644 --- a/lib/pleroma/web/plugs/http_security_plug.ex +++ b/lib/pleroma/web/plugs/http_security_plug.ex @@ -93,7 +93,7 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do img_src = "img-src 'self' data: blob:" media_src = "media-src 'self'" - connect_src = ["connect-src 'self' blob: ", ?\s, websocket_url] + connect_src = ["connect-src 'self' blob: ", static_url, ?\s, websocket_url] # Strict multimedia CSP enforcement only when MediaProxy is enabled {img_src, media_src, connect_src} = |