diff options
| author | Omar Roth <omarroth@hotmail.com> | 2019-04-08 09:36:12 -0500 |
|---|---|---|
| committer | Omar Roth <omarroth@hotmail.com> | 2019-04-08 09:36:12 -0500 |
| commit | 4bc6501b8d6dfdb5a5b24f468b40a6f3f06d19cf (patch) | |
| tree | d54c0b3758976855a42dd607917f35808c1ccd0a | |
| parent | a1b3b475734816a93f7336fa08b260788c6bc0ec (diff) | |
| download | invidious-4bc6501b8d6dfdb5a5b24f468b40a6f3f06d19cf.tar.gz invidious-4bc6501b8d6dfdb5a5b24f468b40a6f3f06d19cf.tar.bz2 invidious-4bc6501b8d6dfdb5a5b24f468b40a6f3f06d19cf.zip | |
Add 'blob' to CSP
| -rw-r--r-- | src/invidious.cr | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/invidious.cr b/src/invidious.cr index c7b42578..b0900aa0 100644 --- a/src/invidious.cr +++ b/src/invidious.cr @@ -169,7 +169,7 @@ proxies = PROXY_LIST before_all do |env| env.response.headers["X-XSS-Protection"] = "1; mode=block;" env.response.headers["X-Content-Type-Options"] = "nosniff" - env.response.headers["Content-Security-Policy"] = "default-src data: 'self' 'unsafe-inline' 'unsafe-eval'; media-src 'self' https://*.googlevideo.com:443" + env.response.headers["Content-Security-Policy"] = "default-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval'; media-src 'self' https://*.googlevideo.com:443" env.response.headers["Referrer-Policy"] = "same-origin" if Kemal.config.ssl || config.https_only |