From 0fb9805c858a8a99550ae1c891170c7492ed437d Mon Sep 17 00:00:00 2001
From: Tulir Asokan <tulir@maunium.net>
Date: Sat, 14 Dec 2024 00:19:54 +0200
Subject: [PATCH] media: add media-src to CSP to work around chrome bug

---
 pkg/gomuks/media.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pkg/gomuks/media.go b/pkg/gomuks/media.go
index 01e7637..c6d847f 100644
--- a/pkg/gomuks/media.go
+++ b/pkg/gomuks/media.go
@@ -109,7 +109,7 @@ func cacheEntryToHeaders(w http.ResponseWriter, entry *database.Media) {
 	w.Header().Set("Content-Type", entry.MimeType)
 	w.Header().Set("Content-Length", strconv.FormatInt(entry.Size, 10))
 	w.Header().Set("Content-Disposition", mime.FormatMediaType(entry.ContentDisposition(), map[string]string{"filename": entry.FileName}))
-	w.Header().Set("Content-Security-Policy", "sandbox; default-src 'none'; script-src 'none';")
+	w.Header().Set("Content-Security-Policy", "sandbox; default-src 'none'; script-src 'none'; media-src 'self';")
 	w.Header().Set("Cache-Control", "max-age=2592000, immutable")
 	w.Header().Set("ETag", entry.ETag())
 }