From cf62d756afe61c79bba9e384ccf02f7c6a0408ec Mon Sep 17 00:00:00 2001
From: Jonny Barnes
Date: Fri, 22 Mar 2024 19:05:45 +0000
Subject: [PATCH] Update CSP Mastodon webmention images are served via my instance, so add to the CSP
---
 app/Http/Middleware/CSPHeader.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Http/Middleware/CSPHeader.php b/app/Http/Middleware/CSPHeader.php
index b5c6ee25..da54c47c 100644
--- a/app/Http/Middleware/CSPHeader.php
+++ b/app/Http/Middleware/CSPHeader.php
@@ -28,7 +28,7 @@ class CSPHeader
 'Content-Security-Policy',
 "default-src 'self'; " .
 "style-src 'self' 'unsafe-inline' cloud.typography.com jonnybarnes.uk; " .
- "img-src 'self' data: blob: https://pbs.twimg.com https://jbuk-media.s3-eu-west-1.amazonaws.com https://jbuk-media-dev.s3-eu-west-1.amazonaws.com https://secure.gravatar.com https://graph.facebook.com *.fbcdn.net https://*.cdninstagram.com https://*.4sqi.net https://upload.wikimedia.org; " .
+ "img-src 'self' data: blob: https://pbs.twimg.com https://jbuk-media.s3-eu-west-1.amazonaws.com https://jbuk-media-dev.s3-eu-west-1.amazonaws.com https://secure.gravatar.com https://graph.facebook.com *.fbcdn.net https://*.cdninstagram.com https://*.4sqi.net https://upload.wikimedia.org https://mastodon.thebeeches.house; " .
 "font-src 'self' data:; " .
 "frame-src 'self' https://www.youtube.com blob:; " .
 'upgrade-insecure-requests; ' .
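Review bot: The new `https://mastodon.thebeeches.house` entry on the `img-src` line has no in-code record of why it is allowed, so the reason lives only in the commit message and the allowlist gets harder to audit or prune. A comment above that line would cover it, e.g. `// mastodon.thebeeches.house: serves the images shown on Mastodon webmentions`. Because that origin presumably serves images that originate with third parties, it may also be worth narrowing the source to the media path prefix the instance actually uses rather than the whole origin, if that prefix is stable; CSP host-sources accept a path. The enclosing method starts and ends outside the hunk.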