allow base64 audio clips in CSP

c7d8fc7f · Michael Henretty · 1650efa5 · c7d8fc7f · c7d8fc7f
Commit c7d8fc7f authored Oct 02, 2017 by Michael Henretty
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

nubis/puppet/web.pp nubis/puppet/web.pp +1 -1

server/src/server.ts server/src/server.ts +1 -1

No files found.
--- a/nubis/puppet/web.pp
+++ b/nubis/puppet/web.pp
@@ -77,7 +77,7 @@ apache::vhost { $project_name:
      'set X-Frame-Options "DENY"',
      'set Strict-Transport-Security "max-age=31536000"',
      # media-src blob: is required for recording audio.
-      'set Content-Security-Policy "default-src \'none\'; style-src \'self\'; img-src \'self\' www.google-analytics.com; media-src blob: https://*.amazonaws.com; script-src \'self\' https://www.google-analytics.com/analytics.js; font-src \'self\'; connect-src \'self\'"'
+      'set Content-Security-Policy "default-src \'none\'; style-src \'self\'; img-src \'self\' www.google-analytics.com; media-src data: blob: https://*.amazonaws.com; script-src \'self\' https://www.google-analytics.com/analytics.js; font-src \'self\'; connect-src \'self\'"'
    ],
    rewrites           => [
      {

--- a/server/src/server.ts
+++ b/server/src/server.ts
@@ -25,7 +25,7 @@ export default class Server {
        cache: false,
        headers: {
          'Content-Security-Policy':
-            "default-src 'none'; style-src 'self'; img-src 'self' www.google-analytics.com; media-src blob: https://*.amazonaws.com; script-src 'self' https://www.google-analytics.com/analytics.js; font-src 'self'; connect-src 'self'",
+            "default-src 'none'; style-src 'self'; img-src 'self' www.google-analytics.com; media-src data: blob: https://*.amazonaws.com; script-src 'self' https://www.google-analytics.com/analytics.js; font-src 'self'; connect-src 'self'",
        },
      }
    );