media: add media-src to CSP to work around chrome bug

2024-12-14 00:19:54 +02:00 · 2024-12-14 00:19:54 +02:00 · 0fb9805c85
commit 0fb9805c85
parent cee4e2f347
1 changed files with 1 additions and 1 deletions
--- a/pkg/gomuks/media.go
+++ b/pkg/gomuks/media.go
@ -109,7 +109,7 @@ func cacheEntryToHeaders(w http.ResponseWriter, entry *database.Media) {
 	w.Header().Set("Content-Type", entry.MimeType)
 	w.Header().Set("Content-Length", strconv.FormatInt(entry.Size, 10))
 	w.Header().Set("Content-Disposition", mime.FormatMediaType(entry.ContentDisposition(), map[string]string{"filename": entry.FileName}))
-	w.Header().Set("Content-Security-Policy", "sandbox; default-src 'none'; script-src 'none';")
+	w.Header().Set("Content-Security-Policy", "sandbox; default-src 'none'; script-src 'none'; media-src 'self';")
 	w.Header().Set("Cache-Control", "max-age=2592000, immutable")
 	w.Header().Set("ETag", entry.ETag())
 }