use Host header on img-src 'self' data: CSP
Some checks failed
Invidious CI / build (push) Failing after 1m9s

Fijxu 2025-04-02 20:44:33 -03:00
parent 10b4bfa315
commit 937f72bb92
Signed by: Fijxu
GPG key ID: 32C1DDF333EDA6A4


@ -80,7 +80,7 @@ module Invidious::Routes::BeforeAll
"default-src 'none'", "default-src 'none'",
"script-src 'self'", "script-src 'self'",
"style-src 'self' 'unsafe-inline'", "style-src 'self' 'unsafe-inline'",
"img-src 'self' data: " + HOST_URL, "img-src 'self' data: " + env.request.headers["Host"]?,
"font-src 'self' data:", "font-src 'self' data:",
"connect-src 'self'" + extra_connect_csp, "connect-src 'self'" + extra_connect_csp,
"manifest-src 'self'", "manifest-src 'self'",
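Review bot: The new `img-src` entry concatenates `env.request.headers["Host"]?`, which is nilable and entirely client-controlled, straight into the Content-Security-Policy value. `String#+` has no overload for `Nil`, so this line probably does not compile (the failing CI build on this commit would be consistent with that), and a Host value containing a space or `;` would add sources or whole directives to the policy wherever a proxy or cache forwards an unexpected Host. Since `'self'` already covers the origin the page was served from, the extra source should be accepted only when it is a bare host[:port] and otherwise fall back to the configured value, e.g. `"img-src 'self' data: " + (env.request.headers["Host"]?.try { |h| h if h.matches?(/\A[A-Za-z0-9.-]+(:\d+)?\z/) } || HOST_URL),`; comparing against a configured list of allowed domains would be stricter still. The surrounding directive list starts and ends outside this hunk.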