Change summary
pkg/web/webui.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Detailed changes
@@ -243,7 +243,7 @@ func renderHTML(w http.ResponseWriter, templateName string, data interface{}) {
// Security headers
// Note: style-src 'unsafe-inline' is required for inline styles in templates (tree.html, overview.html)
- w.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self' https:; style-src 'self' 'unsafe-inline'; script-src 'self'; object-src 'none'; frame-ancestors 'self'; base-uri 'none'")
+ w.Header().Set("Content-Security-Policy", "default-src 'self'; img-src 'self' https: data:; style-src 'self' 'unsafe-inline'; script-src 'self'; object-src 'none'; frame-ancestors 'self'; base-uri 'none'")
w.Header().Set("Referrer-Policy", "no-referrer")
w.Header().Set("X-Content-Type-Options", "nosniff")
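Review bot: The `data:` source added to `img-src` on the changed Content-Security-Policy line has no stated reason, while the comment just above ties `'unsafe-inline'` to tree.html and overview.html. I would add a matching line above the header, for example `// Note: img-src data: is required for inline images in <TEMPLATE_NAME>`, so a later reader can tell when the allowance can be dropped. The allowance is confined to `img-src`, and `script-src 'self'` and `object-src 'none'` are unchanged, so it should not widen what can execute. The comment is still worth having so that `data:` is not copied into `default-src` or `script-src` later. The body of renderHTML continues outside this hunk, so I cannot tell from here which template actually needs the inline images.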