From 5bd6d4de270bd5ebc30ce1c15b7382f9dd00f688 Mon Sep 17 00:00:00 2001
From: Nolan Lawson
Date: Wed, 3 May 2017 22:39:33 -0700
Subject: [PATCH] update image-src/media-src to be more lax
---
 Running-Mastodon/Production-guide.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Running-Mastodon/Production-guide.md b/Running-Mastodon/Production-guide.md
index 54aa5ba..8d39728 100644
--- a/Running-Mastodon/Production-guide.md
+++ b/Running-Mastodon/Production-guide.md
@@ -60,7 +60,7 @@ server {
 gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
 add_header Strict-Transport-Security "max-age=31536000";
- add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'; img-src 'self' data:; media-src 'self' data:; connect-src 'self' wss://example.com; font-src 'self'; frame-ancestors 'none'; manifest-src 'self';";
+ add_header Content-Security-Policy "style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; object-src 'self'; img-src data: https:; media-src data: https:; connect-src 'self' wss://example.com; upgrade-insecure-requests";
 add_header Referrer-Policy "strict-origin-when-cross-origin";
 location / {
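Review bot: The new Content-Security-Policy on the `+` line drops `default-src 'none'` and `frame-ancestors 'none'` and adds `'unsafe-inline'` to script-src, which goes well beyond the img-src/media-src relaxation the subject line describes. Without a default-src, every directive the header does not list (font-src, frame-src, worker-src, child-src, base-uri, form-action) falls back to allowing any origin, and removing frame-ancestors gives up the clickjacking protection the old header provided unless an X-Frame-Options header is set elsewhere in the server block, which is outside this hunk. Allowing inline scripts also means the policy no longer blocks script injected through markup, so the header stops being a meaningful XSS mitigation; if Mastodon genuinely needs inline script here (not visible from the hunk), a nonce or hash source is the narrower fix. If the wider image and media sources are the only intended change, keep the remaining old directives and add only the new ones: `add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'; img-src 'self' data: https:; media-src 'self' data: https:; connect-src 'self' wss://example.com; font-src 'self'; frame-ancestors 'none'; manifest-src 'self'; upgrade-insecure-requests";`. The enclosing `server {` block starts before the hunk.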