Fix storyboard not loading images from i.ytimg.com

2025-08-09 14:18:29 +00:00 · 2020-09-08 14:26:57 +08:00 · 2020-09-08 14:26:57 +08:00 · 0f4d57416e
commit 0f4d57416e
parent 4a6e920d0e
1 changed files with 1 additions and 1 deletions
--- a/src/invidious.cr
+++ b/src/invidious.cr
@ -257,7 +257,7 @@ before_all do |env|
    extra_media_csp += " https://*.googlevideo.com:443"
  end
  # TODO: Remove style-src's 'unsafe-inline', requires to remove all inline styles (<style> [..] </style>, style=" [..] ")
-  env.response.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self'; manifest-src 'self'; media-src 'self' blob:#{extra_media_csp}"
+  env.response.headers["Content-Security-Policy"] = "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src https://i.ytimg.com 'self' data:; font-src 'self' data:; connect-src 'self'; manifest-src 'self'; media-src 'self' blob:#{extra_media_csp}"
  env.response.headers["Referrer-Policy"] = "same-origin"

  if (Kemal.config.ssl || config.https_only) && config.hsts