nakidai
/
whoogle-search
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow 'data:' for img src in app CSP 

Disallowing base64 images in the app resulted in broken image
placeholders for things like pronunciation guides, business reviews,
etc.
main
Ben Busby 2021-05-05 12:51:11 -04:00
parent 35aa02167c
commit a7bf9728e3
No known key found for this signature in database
GPG Key ID: 3B08611DF6E62ED2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/__init__.py
View File

@ -51,7 +51,7 @@ app.config['BANG_FILE'] = os.path.join(
'bangs.json') 'bangs.json')
app.config['CSP'] = 'default-src \'none\';' \ app.config['CSP'] = 'default-src \'none\';' \
'manifest-src \'self\';' \ 'manifest-src \'self\';' \
'img-src \'self\';' \ 'img-src \'self\' data:;' \
'style-src \'self\' \'unsafe-inline\';' \ 'style-src \'self\' \'unsafe-inline\';' \
'script-src \'self\';' \ 'script-src \'self\';' \
'media-src \'self\';' \ 'media-src \'self\';' \