From: John Benediktsson
Date: Sat, 6 Aug 2022 01:20:43 +0000 (-0700)
Subject: http: adding img-src 'self' data:;
X-Git-Tag: 0.99~1204
X-Git-Url: https://gitweb.factorcode.org/gitweb.cgi?p=factor.git;a=commitdiff_plain;h=43113a3b4773da6553da84c6bbe9ef493099e3c0

http: adding img-src 'self' data:;
---

diff --git a/basis/http/http.factor b/basis/http/http.factor
index a9995ef3c2..9a20429ab7 100644
--- a/basis/http/http.factor
+++ b/basis/http/http.factor
@@ -173,7 +173,7 @@ TUPLE: request
 : add-modern-headers ( response -- response )
 "max-age=63072000; includeSubDomains; preload" "Strict-Transport-Security" set-header
 "nosniff" "X-Content-Type-Options" set-header
- "default-src https: 'unsafe-inline'; frame-ancestors 'none'; object-src 'none'" "Content-Security-Policy" set-header
+ "default-src https: 'unsafe-inline'; frame-ancestors 'none'; object-src 'none'; img-src 'self' data:;" "Content-Security-Policy" set-header
 "DENY" "X-Frame-Options" set-header
 "1; mode=block" "X-XSS-Protection" set-header ;
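Review bot: The added `img-src 'self' data:` directive replaces the `default-src` fallback for images rather than extending it, so besides permitting `data:` images it also stops images from any other `https:` origin from loading, which the previous policy allowed. If the goal was only to permit `data:` images, `img-src https: data:` keeps the old reach. If the tightening to same-origin is intended, a comment above the line such as `! img-src overrides default-src: images are limited to same-origin and data: URIs` would record that for whoever edits the policy string next. Separately, the policy still carries `'unsafe-inline'` under `default-src https:`, so it places little restriction on scripts; that predates this commit and is better handled as a follow-up.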