From cd2df734dde6151faa6a73edb296a5cf768e9a34 Mon Sep 17 00:00:00 2001
From: rinpatch <rinpatch@sdf.org>
Date: Fri, 29 May 2020 21:23:49 +0000
Subject: [PATCH] Merge branch 'bugfix/csp-unproxied' into 'develop'

http_security_plug.ex: Fix non-proxied media

See merge request pleroma/pleroma!2610
---
 lib/pleroma/plugs/http_security_plug.ex | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 2208d1d6c..589072535 100644
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -75,7 +75,7 @@ defp csp_string do
         sources = get_proxy_and_attachment_sources()
         {[img_src, sources], [media_src, sources]}
       else
-        {img_src, media_src}
+        {[img_src, " https:"], [media_src, " https:"]}
       end
 
     connect_src = ["connect-src 'self' ", static_url, ?\s, websocket_url]