From 43113a3b4773da6553da84c6bbe9ef493099e3c0 Mon Sep 17 00:00:00 2001
From: John Benediktsson
Date: Fri, 5 Aug 2022 18:20:43 -0700
Subject: [PATCH] http: adding img-src 'self' data:;
---
 basis/http/http.factor | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/basis/http/http.factor b/basis/http/http.factor
index a9995ef3c2..9a20429ab7 100644
--- a/basis/http/http.factor
+++ b/basis/http/http.factor
@@ -173,7 +173,7 @@ TUPLE: request
 : add-modern-headers ( response -- response )
 "max-age=63072000; includeSubDomains; preload" "Strict-Transport-Security" set-header
 "nosniff" "X-Content-Type-Options" set-header
- "default-src https: 'unsafe-inline'; frame-ancestors 'none'; object-src 'none'" "Content-Security-Policy" set-header
+ "default-src https: 'unsafe-inline'; frame-ancestors 'none'; object-src 'none'; img-src 'self' data:;" "Content-Security-Policy" set-header
 "DENY" "X-Frame-Options" set-header
 "1; mode=block" "X-XSS-Protection" set-header ;
--
2.34.1
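Review bot: In the new Content-Security-Policy string in `add-modern-headers`, `img-src 'self' data:` replaces the `default-src https:` fallback for images rather than extending it, so images from other HTTPS origins, which the old policy allowed, are now blocked. If the goal was only to permit `data:` images, `img-src https: data:` (or `img-src 'self' https: data:`) keeps the previous allowance. If the narrowing is intended, a comment above the line such as `! img-src overrides default-src: only same-origin and data: images load` would record that. Separately, the policy still sets no `script-src`, so `default-src https: 'unsafe-inline'` continues to allow inline script and script from any HTTPS host, which limits what this header does against XSS; an explicit `script-src` would be a worthwhile follow-up.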