Add blob to default-src csp

NASA-AMMOS · Apr 11, 2023 · 87e05ea · 87e05ea
1 parent 2ee56bc
commit 87e05ea
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/run/server.js b/run/server.js
@@ -426,7 +426,7 @@ const helmet = require("helmet");
 let helmetConfig = {
   contentSecurityPolicy: {
     directives: {
-      defaultSrc: ["'self'", "'unsafe-inline'", "'unsafe-eval'"],
+      defaultSrc: ["'self'", "blob:", "'unsafe-inline'", "'unsafe-eval'"],
       imgSrc: ["*", "data:", "blob:", "'unsafe-inline'"],
       styleSrc: ["*", "data:", "blob:", "'unsafe-inline'"],
       fontSrc: ["*", "data:", "blob:", "'unsafe-inline'"],