From e6d167c63cdcd345eb00e1dccfbfad44d81c4965 Mon Sep 17 00:00:00 2001
From: David Mehren
Date: Sun, 15 Aug 2021 00:35:57 +0200
Subject: [PATCH] CSP: Allow all sources for media
Otherwise, `video` tags and reveal background video does not work
Signed-off-by: David Mehren
---
 lib/csp.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/csp.js b/lib/csp.js
index b559d8d3c..52a8d4b8a 100644
--- a/lib/csp.js
+++ b/lib/csp.js
@@ -22,7 +22,8 @@ const defaultDirectives = {
 ],
 styleSrc: [config.serverURL + '/build/', config.serverURL + '/css/', '\'unsafe-inline\'', 'https://github.githubassets.com'], // unsafe-inline is required for some libs, plus used in views
 objectSrc: ['*'], // Chrome PDF viewer treats PDFs as objects :/
- formAction: ['\'self\'']
+ formAction: ['\'self\''],
+ mediaSrc: ['*']
 }
 const cdnDirectives = {
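Review bot: The added `mediaSrc: ['*']` carries no comment, while the `styleSrc` and `objectSrc` lines above it each explain why they are relaxed; I would write `mediaSrc: ['*'] // any host: needed for <video> tags and reveal background video` so the wildcard is not later mistaken for an oversight. The trade-off worth recording is that any note can now make a viewer's browser fetch audio or video from an arbitrary third-party host, which exposes the viewer's IP address and request metadata to that host. A wildcard source in CSP also does not match `data:` or `blob:` URLs, so if either feature ever relies on those they would still be blocked and would need to be listed explicitly. The `defaultDirectives` object starts above this hunk, so I cannot see whether a stricter per-instance override exists.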