FIX content-security-policy

http.go

@@ -36,7 +36,7 @@ func NewMegaUploader(c Config) MegaUploader {
 			FrameDeny:             true,
 			ContentTypeNosniff:    true,
 			BrowserXssFilter:      true,
-			ContentSecurityPolicy: "default-src 'self'",
+			ContentSecurityPolicy: "default-src 'self'; img-src 'self' data: ",
 		}),
 	}
 }

res/templates/upload.html.tmpl

@@ -34,19 +34,9 @@
 
 {{define "scripts"}}
         <script type="text/javascript" src="{{.Prefix}}/static/dropzone/dropzone.min.js"></script>
-    <script type="text/javascript">
-Dropzone.options.uploadForm = {
-    init: function() {
-        this.on("success", function(file, response) {
-            document.getElementById("responses").textContent += response + "\n";
-        });
-    }
-};
-    </script>
+    <script type="text/javascript" src="{{.Prefix}}/static/upload.js"> </script>
 {{end}}
 {{define "styles"}}
     <link href="{{.Prefix}}/static/dropzone/dropzone.min.css" rel="stylesheet" />
-<style>
-.share-description { font-style: italic; }
-</style>
+    <link href="{{.Prefix}}/static/style.css" rel="stylesheet" />
 {{end}}