From b35afb7cf6c7640380c650ca60c8150bb743eb4b Mon Sep 17 00:00:00 2001
From: James Taylor <user234683@users.noreply.github.com>
Date: Mon, 19 Oct 2020 13:31:32 -0700
Subject: Add 'self' directive for img to CSP when proxy_images is off

The default directive has self, but the img directive overrides
that completely. Need this for local image requests such as
subscriptions

closes #31
---
 youtube/templates/base.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/youtube/templates/base.html b/youtube/templates/base.html
index f325f86..379419c 100644
--- a/youtube/templates/base.html
+++ b/youtube/templates/base.html
@@ -4,7 +4,7 @@
         <meta charset="utf-8">
         <title>{{ page_title }}</title>
         <meta http-equiv="Content-Security-Policy" content="default-src 'self' 'unsafe-inline'; media-src 'self' https://*.googlevideo.com;
-            {{ "img-src https://*.googleusercontent.com https://*.ggpht.com https://*.ytimg.com;" if not settings.proxy_images else "" }}">
+            {{ "img-src 'self' https://*.googleusercontent.com https://*.ggpht.com https://*.ytimg.com;" if not settings.proxy_images else "" }}">
         <link href="{{ theme_path }}" type="text/css" rel="stylesheet">
         <link href="/youtube.com/static/shared.css" type="text/css" rel="stylesheet">
         <link href="/youtube.com/static/comments.css" type="text/css" rel="stylesheet">
-- 
cgit v1.2.3