From dc60da124a0a1dfe3e4dd72720af864adcb30214 Mon Sep 17 00:00:00 2001
From: Rohan Kumar <seirdy@seirdy.one>
Date: Fri, 11 Jun 2021 15:08:09 -0700
Subject: [PATCH] Allow data: URI images in Hugo devserver CSP

---
 config.toml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/config.toml b/config.toml
index 6a34603..e2df06d 100644
--- a/config.toml
+++ b/config.toml
@@ -64,6 +64,8 @@ ordered = true
 [mediaTypes]
 [mediaTypes."text/gemini"]
 suffixes = ["gmi"]
+[mediaTypes."application/manifest+json"]
+suffixes = ["webmanifest"]
 
 [outputFormats]
 [outputFormats.Gemini]
@@ -123,6 +125,6 @@ Referrer-Policy = "no-referrer"
 X-XSS-Protection = "1; mode=block"
 X-FROG-UNSAFE = "1"
 X-UA-Compatible = "IE=edge"
-Content-Security-Policy = "default-src 'none'; img-src 'self' https://seirdy.one; style-src 'self'; script-src 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'; manifest-src 'self'; upgrade-insecure-requests;"
+Content-Security-Policy = "default-src 'none'; img-src 'self' https://seirdy.one data:; style-src 'self'; script-src 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'; manifest-src 'self'; upgrade-insecure-requests;"
 Permissions-Policy = "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"
 Cache-Control = "max-age=120, no-transform"