http: adding img-src 'self' data:;

author John Benediktsson <mrjbq7@gmail.com>

Sat, 6 Aug 2022 01:20:43 +0000 (18:20 -0700)

committer John Benediktsson <mrjbq7@gmail.com>

Sat, 6 Aug 2022 01:20:43 +0000 (18:20 -0700)
author John Benediktsson <mrjbq7@gmail.com>
Sat, 6 Aug 2022 01:20:43 +0000 (18:20 -0700)
committer John Benediktsson <mrjbq7@gmail.com>
Sat, 6 Aug 2022 01:20:43 +0000 (18:20 -0700)
diff --git a/basis/http/http.factor b/basis/http/http.factor

index a9995ef3c2275f4afdf7f2c6ebced740da5d61bd..9a20429ab7540e9318043fb544b9c987b9c6e9d6 100644 (file)
--- a/basis/http/http.factor
+++ b/basis/http/http.factor
@@ -173,7 +173,7 @@ TUPLE: request
  : add-modern-headers ( response -- response )
      "max-age=63072000; includeSubDomains; preload" "Strict-Transport-Security" set-header
      "nosniff" "X-Content-Type-Options" set-header
-    "default-src https: 'unsafe-inline'; frame-ancestors 'none'; object-src 'none'" "Content-Security-Policy" set-header
+    "default-src https: 'unsafe-inline'; frame-ancestors 'none'; object-src 'none'; img-src 'self' data:;" "Content-Security-Policy" set-header
      "DENY" "X-Frame-Options" set-header
      "1; mode=block" "X-XSS-Protection" set-header ;
author	John Benediktsson <mrjbq7@gmail.com>
	Sat, 6 Aug 2022 01:20:43 +0000 (18:20 -0700)
committer	John Benediktsson <mrjbq7@gmail.com>
	Sat, 6 Aug 2022 01:20:43 +0000 (18:20 -0700)