From 1ebc2c59d6d802fa85884bcba209eae29d53cfa8 Mon Sep 17 00:00:00 2001
From: hehoon <100522372+hehoon@users.noreply.github.com>
Date: Mon, 15 Dec 2025 12:58:00 +0100
Subject: [PATCH] Allow `blob:` in img-src CSP
---
 Framework/Backend/http/server.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/Framework/Backend/http/server.js b/Framework/Backend/http/server.js
index d17405de9..9d3088b3b 100644
--- a/Framework/Backend/http/server.js
+++ b/Framework/Backend/http/server.js
@@ -156,6 +156,7 @@ class HttpServer {
 directives: {
 /* eslint-disable */
 defaultSrc: ["'self'", "data:", hostname + ':*'],
+ imgSrc: ["'self'", "data:", "blob:"],
 scriptSrc: ["'self'", ...(allow ? ["'unsafe-eval'"] : [])],
 styleSrc: ["'self'", "'unsafe-inline'"],
 connectSrc: ["'self'", 'http://' + hostname + ':' + port, 'https://' + hostname, 'wss://' + hostname, 'ws://' + hostname + ':' + port],
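Review bot: The added `imgSrc` directive replaces the `default-src` fallback for images instead of extending it, so the `hostname + ':*'` source listed in `defaultSrc` no longer applies to `img-src` and images served from the same host on another port would now be blocked. If that narrowing is intended it is a reasonable tightening and should be stated in the commit message; if not, keep the host source, e.g. `imgSrc: ["'self'", "data:", "blob:", hostname + ':*'],`. Confining `blob:` to `img-src` rather than adding it to `default-src` is the right scope, since it keeps object URLs out of the script, frame and worker fallbacks. A one-line comment above the directive naming the feature that needs `blob:` images (not visible in this hunk) would stop the entry being widened or copied to other directives later. The `directives` object begins and ends outside the hunk, so other directives may also interact with this one.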