squeegily
/
pleroma
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 42 Wiki Activity
Browse Source

Merge branch 'connect-src' into 'develop' 

Add blob: to connect-src CSP, fixes #1827

Closes #1827

See merge request pleroma/pleroma!2608
1570-levenshtein-distance-user-search
rinpatch 4 years ago
parent
219d2b3146 d38f28870e
commit
660d49227b
2 changed files with 2 additions and 1 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -0
      CHANGELOG.md
  2. +1
    -1
      lib/pleroma/plugs/http_security_plug.ex

+ 1
- 0
CHANGELOG.md View File

@@ -44,6 +44,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Fix follower/blocks import when nicknames starts with @
- Filtering of push notifications on activities from blocked domains
- Resolving Peertube accounts with Webfinger
- `blob:` urls not being allowed by connect-src CSP

## [Unreleased (patch)]



+ 1
- 1
lib/pleroma/plugs/http_security_plug.ex View File

@@ -78,7 +78,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
{img_src, media_src}
end

connect_src = ["connect-src 'self' ", static_url, ?\s, websocket_url]
connect_src = ["connect-src 'self' blob: ", static_url, ?\s, websocket_url]

connect_src =
if Pleroma.Config.get(:env) == :dev do


Write Preview
Loading…
Cancel
Save