From 16ca4dc37caa54923ab7ce2900f2af2303755341 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kov=C3=A1cs=20Zolt=C3=A1n?= <kovacsz@marcusconsulting.hu>
Date: Thu, 29 Jan 2026 15:27:22 +0100
Subject: [PATCH] More permissive CSP header in nginx general configuration.

---
 .metadata                             | Bin 21888 -> 21888 bytes
 .templates/nginx/.nginx/_general.conf |   2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/.metadata b/.metadata
index 7dad22375b7f18f9e1cffbd644ba6769b4e1c847..429eee93098352ffb0b65946172f3121ac017f4d 100644
GIT binary patch
delta 64
zcmZoz&DgM-al=b?o*7ITnG8T65Ld}RnUP&|@_8Y##R?pzJRh>F!4hv<Vr9S*2blOK
NKk(GqTy4uL0RVO*6IcKM

delta 55
zcmZoz&DgM-al=b?o`sAVnG8TMcXhe;WJY$;$>)W{7AtU=GV4uRGg;9@VX}at$>a^X
KESsxsStS7UR1pUN

diff --git a/.templates/nginx/.nginx/_general.conf b/.templates/nginx/.nginx/_general.conf
index cc98517..0be1667 100644
--- a/.templates/nginx/.nginx/_general.conf
+++ b/.templates/nginx/.nginx/_general.conf
@@ -16,7 +16,7 @@ more_set_headers "X-Frame-Options: SAMEORIGIN";
 more_set_headers "X-Content-Type-Options: nosniff";
 more_set_headers "Referrer-Policy: no-referrer-when-downgrade";
 # These are dummy restrictions (meaningless headers) below.
-more_set_headers "Content-Security-Policy: img-src *";
+more_set_headers "Content-Security-Policy: img-src * data: blob:; ";
 more_set_headers "Permissions-Policy: geolocation=*";
 
 # https://amalgjose.com/2020/05/15/how-to-set-the-allowed-url-length-for-a-nginx-request-error-code-414-uri-too-large/