From 24ba2a150b84ecc8c8525c5c7657738cd843add6 Mon Sep 17 00:00:00 2001
From: shortcutme
Date: Mon, 28 Oct 2019 16:42:28 +0100
Subject: [PATCH] Remove limitations for img, font, media, style src in raw mode
---
 src/Ui/UiRequest.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Ui/UiRequest.py b/src/Ui/UiRequest.py
index 63218f1b..4c4281c3 100644
--- a/src/Ui/UiRequest.py
+++ b/src/Ui/UiRequest.py
@@ -280,7 +280,7 @@ class UiRequest(object):
 headers["Access-Control-Allow-Origin"] = "*" # Allow load font files from css
 if noscript:
- headers["Content-Security-Policy"] = "default-src 'none'; sandbox allow-top-navigation allow-forms; img-src 'self'; font-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline';"
+ headers["Content-Security-Policy"] = "default-src 'none'; sandbox allow-top-navigation allow-forms; img-src *; font-src * data:; media-src *; style-src * 'unsafe-inline';"
 elif script_nonce and self.isScriptNonceSupported():
 headers["Content-Security-Policy"] = "default-src 'none'; script-src 'nonce-{0}'; img-src 'self' blob:; style-src 'self' blob: 'unsafe-inline'; connect-src *; frame-src 'self' blob:".format(script_nonce)
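Review bot: The new policy on the `if noscript:` branch lets raw-mode content load images, fonts, media and style sheets from any host, so a page served this way can make the viewer's browser contact third parties and disclose the client address and request timing. Remote style sheets combined with `'unsafe-inline'` also make CSS-only data leakage possible even though scripts stay blocked. The commit message gives no reason for dropping `'self'`; if the aim is only embedded fonts, `font-src 'self' data:` would cover it, and otherwise I would at least keep `style-src 'self' 'unsafe-inline'` and add a comment such as `# raw mode: remote img/font/media allowed, pages can trigger third-party requests`. Since `*` does not match `data:` or `blob:`, `img-src *` still rejects data URIs while `font-src * data:` accepts them, which is worth confirming as intended. The enclosing method starts and ends outside this hunk, so how `noscript` gets set is not visible here.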