From cd2df734dde6151faa6a73edb296a5cf768e9a34 Mon Sep 17 00:00:00 2001 From: rinpatch Date: Fri, 29 May 2020 21:23:49 +0000 Subject: [PATCH] Merge branch 'bugfix/csp-unproxied' into 'develop' http_security_plug.ex: Fix non-proxied media See merge request pleroma/pleroma!2610 --- lib/pleroma/plugs/http_security_plug.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex index 2208d1d6c..589072535 100644 --- a/lib/pleroma/plugs/http_security_plug.ex +++ b/lib/pleroma/plugs/http_security_plug.ex @@ -75,7 +75,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do sources = get_proxy_and_attachment_sources() {[img_src, sources], [media_src, sources]} else - {img_src, media_src} + {[img_src, " https:"], [media_src, " https:"]} end connect_src = ["connect-src 'self' ", static_url, ?\s, websocket_url]