mirror of https://github.com/stashapp/stash.git
Add media-src to content-security-policy (#2132)
This commit is contained in:
parent
bbe99a0dd8
commit
439c338049
|
@ -357,7 +357,7 @@ func SecurityHeadersMiddleware(next http.Handler) http.Handler {
|
|||
}
|
||||
connectableOrigins += "; "
|
||||
|
||||
cspDirectives := "default-src data: 'self' 'unsafe-inline';" + connectableOrigins + "img-src data: *; script-src 'self' 'unsafe-inline'; child-src 'none'; object-src 'none'; form-action 'self'"
|
||||
cspDirectives := "default-src data: 'self' 'unsafe-inline';" + connectableOrigins + "img-src data: *; script-src 'self' 'unsafe-inline'; media-src 'self' blob:; child-src 'none'; object-src 'none'; form-action 'self'"
|
||||
|
||||
w.Header().Set("Referrer-Policy", "same-origin")
|
||||
w.Header().Set("X-Content-Type-Options", "nosniff")
|
||||
|
|
Loading…
Reference in New Issue