From e9a1d61027884cd084b9e66d5b16b75647c08f35 Mon Sep 17 00:00:00 2001
From: Daniel Winzen <daniel@danwin1210.me>
Date: Thu, 7 May 2020 20:38:17 +0200
Subject: [PATCH] Allow data URI for img and media in CSP

---
 chat.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/chat.php b/chat.php
index b396837..ba834f6 100644
--- a/chat.php
+++ b/chat.php
@@ -3286,7 +3286,7 @@ function send_headers(){
 	header('Cache-Control: no-cache, no-store, must-revalidate, max-age=0');
 	header('Expires: 0');
 	header('Referrer-Policy: no-referrer');
-	header("Content-Security-Policy: default-src 'self'; img-src *; media-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'");
+	header("Content-Security-Policy: default-src 'self'; img-src * data:; media-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'");
     header('X-Content-Type-Options: nosniff');
     header('X-Frame-Options: sameorigin');
     header('X-XSS-Protection: 1; mode=block');
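Review bot: The rewritten Content-Security-Policy line still sets neither `base-uri` nor `form-action`, and neither falls back to `default-src`, so injected markup in a chat message could still repoint relative URLs or post a form to another origin. If every form in chat.php posts to the same origin (not visible in this hunk), appending `; base-uri 'self'; form-action 'self'` to the header string would close that gap. The new `data:` source is also undocumented; a comment above the line such as `// data: is allowed for img/media only; never add it to default-src or script-src` would keep a later edit from widening it to a directive where `data:` can carry script. Because `script-src` keeps `'unsafe-inline'`, this policy does not block inline script, so it should not be treated as an XSS mitigation. send_headers() begins and ends outside this hunk.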