From a0d216c61d69741bee701c4453d5ea8e487bb184 Mon Sep 17 00:00:00 2001
From: Michael Weimann
Date: Sat, 24 Jul 2021 19:15:03 +0200
Subject: [PATCH] extend content security policy to allow data images
---
 config/config.default.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/config.default.php b/config/config.default.php
index 9a6ef393..1fffd772 100644
--- a/config/config.default.php
+++ b/config/config.default.php
@@ -314,7 +314,7 @@ return [
 'X-Content-Type-Options' => 'nosniff',
 'X-Frame-Options' => 'sameorigin',
 'Referrer-Policy' => 'strict-origin-when-cross-origin',
- 'Content-Security-Policy' => 'default-src \'self\' \'unsafe-inline\' \'unsafe-eval\'',
+ 'Content-Security-Policy' => 'default-src \'self\' \'unsafe-inline\' \'unsafe-eval\'; img-src \'self\' data:;',
 'X-XSS-Protection' => '1; mode=block',
 'Feature-Policy' => 'autoplay \'none\'',
 //'Strict-Transport-Security' => 'max-age=7776000',
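Review bot: The new `img-src 'self' data:;` directive on the `Content-Security-Policy` entry has no comment saying which feature needs `data:` images or that the scheme is deliberately limited to images. Once `img-src` is set it replaces the `default-src` fallback for images, so a source later added to `default-src` will not apply to them. A maintainer who then moves `data:` into `default-src` would also be allowing `data:` URIs as a script source, because `default-src` is the `script-src` fallback and already carries `'unsafe-inline'` and `'unsafe-eval'`. I would add a line above the entry such as `// data: is allowed for images only; keep it out of default-src, which is also the script-src fallback`, and name the feature that requires it. The enclosing `return [` array starts and ends outside the hunk.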