diff options
| author | Omar Roth <omarroth@hotmail.com> | 2019-04-08 09:39:47 -0500 |
|---|---|---|
| committer | Omar Roth <omarroth@hotmail.com> | 2019-04-08 09:39:47 -0500 |
| commit | 4aededf038a7f9ce8e99e29a8e6e7b6c5130e4b5 (patch) | |
| tree | ec880c8b39c3b548e0c948839149bc192cc77a34 | |
| parent | 4bc6501b8d6dfdb5a5b24f468b40a6f3f06d19cf (diff) | |
| download | invidious-4aededf038a7f9ce8e99e29a8e6e7b6c5130e4b5.tar.gz invidious-4aededf038a7f9ce8e99e29a8e6e7b6c5130e4b5.tar.bz2 invidious-4aededf038a7f9ce8e99e29a8e6e7b6c5130e4b5.zip | |
Add media-src blob: to CSP
| -rw-r--r-- | src/invidious.cr | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/invidious.cr b/src/invidious.cr index b0900aa0..a58749ac 100644 --- a/src/invidious.cr +++ b/src/invidious.cr @@ -169,7 +169,7 @@ proxies = PROXY_LIST before_all do |env| env.response.headers["X-XSS-Protection"] = "1; mode=block;" env.response.headers["X-Content-Type-Options"] = "nosniff" - env.response.headers["Content-Security-Policy"] = "default-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval'; media-src 'self' https://*.googlevideo.com:443" + env.response.headers["Content-Security-Policy"] = "default-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval'; media-src blob: 'self' https://*.googlevideo.com:443" env.response.headers["Referrer-Policy"] = "same-origin" if Kemal.config.ssl || config.https_only |