From c002c7b681b4a58ea9f5727195984fafb995ccae Mon Sep 17 00:00:00 2001
From: David Mehren <git@herrmehren.de>
Date: Fri, 6 Aug 2021 12:11:53 +0200
Subject: [PATCH] CSP: Allow self as manifest-src

Chrome complains otherwise, as it can't download the Web Manifest.

Signed-off-by: David Mehren <git@herrmehren.de>
---
 lib/csp.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/csp.js b/lib/csp.js
index c54007646..cc36b5324 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -8,6 +8,7 @@ const defaultDirectives = {
   baseUri: ['\'self\''],
   connectSrc: ['\'self\''],
   fontSrc: ['\'self\''],
+  manifestSrc: ['\'self\''],
   frameSrc: ['\'self\'', 'https://player.vimeo.com', 'https://www.slideshare.net/slideshow/embed_code/key/', 'https://www.youtube.com'],
   imgSrc: ['*'], // we allow using arbitrary images
   scriptSrc: [