From 5818e8933a7a009be1886d0f1b5de12e0a13cdd9 Mon Sep 17 00:00:00 2001
From: QuantumGhost
Date: Thu, 15 May 2025 13:33:33 +0800
Subject: [PATCH] Allow `data:` urls for `img-src` in CSP policies

This allows browser to display embedded images with `data:` urls.
---
 web/middleware.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/middleware.ts b/web/middleware.ts
index 01c78f1956..3314a52d90 100644
--- a/web/middleware.ts
+++ b/web/middleware.ts
@@ -37,7 +37,7 @@ export function middleware(request: NextRequest) {
 style-src 'self' 'unsafe-inline' ${scheme_source} ${whiteList};
 worker-src 'self' ${scheme_source} ${csp} ${whiteList};
 media-src 'self' ${scheme_source} ${csp} ${whiteList};
- img-src *;
+ img-src http: https: data:;
 font-src 'self';
 object-src 'none';
 base-uri 'self';
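Review bot: The new `img-src http: https: data:;` line still allows images from any host, including cleartext `http:`, while the neighbouring `media-src` and `worker-src` directives are scoped to `'self' ${scheme_source} ${csp} ${whiteList}`. Any markup that reaches the page can therefore trigger outbound image requests to arbitrary origins, and `http:` loads are exposed to on-path tampering. If the app does not need arbitrary remote images (not visible from this hunk), consider `img-src 'self' data: ${scheme_source} ${whiteList};`, or at minimum drop `http:`. A short comment above the policy noting that `data:` is allowed only for inline embedded images would help the next reviewer; the body of `middleware` continues outside the hunk.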