due.moe - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Fuwn <[email protected]>	2026-06-01 14:31:54 +0000
committer	Fuwn <[email protected]>	2026-06-01 14:31:54 +0000
commit	b53c69e654e68ebf86bc3b267616497116d4de77 (patch)
tree	242febb44d6800a00b691e33ba1cf4eed91e7668 /src/lib/LandingAnimeDemo.svelte
parent	feat(security): add Content-Security-Policy (diff)
download	due.moe-b53c69e654e68ebf86bc3b267616497116d4de77.tar.xz due.moe-b53c69e654e68ebf86bc3b267616497116d4de77.zip

fix(security): allow media-src in CSP for external video

Static source sweep found a <video> on the home page (rendered when a user disables all content sections) sourced from video.twimg.com. media-src was unset, so it fell back to default-src 'self' and would be blocked. Add media-src 'self' data: blob: https' (matching img-src).

Diffstat (limited to 'src/lib/LandingAnimeDemo.svelte')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: