From 9ab17d17215babc2bf3f0f5e0a6d0a4dad047850 Mon Sep 17 00:00:00 2001
From: Simon Eisenmann
Date: Fri, 19 Dec 2014 11:56:41 +0100
Subject: [PATCH] Enhanded recommended CSP to include support for pdf web worker which loads stuff from blob: urls.
---
 server.conf.in | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/server.conf.in b/server.conf.in
index 1555d3ce..9774b62c 100644
--- a/server.conf.in
+++ b/server.conf.in
@@ -107,8 +107,9 @@ serverRealm = local
 ; The currently recommended CSP is:
 ; default-src 'self';
 ; style-src 'self' 'unsafe-inline';
-; img-src 'self' data:;
-; connect-src 'self' wss://server:port/ws;
+; img-src 'self' data: blob:;
+; connect-src 'self' wss://server:port/ws blob:;
+; font-src 'self' blob;
 ;contentSecurityPolicy =
 ; Content-Security-Policy-Report-Only HTTP response header value. Use this
 ; to test your CSP before putting it into production.
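Review bot: The added `; font-src 'self' blob;` line is missing the colon after `blob`, so a browser would parse it as a host named "blob" rather than the blob: scheme, and fonts loaded from blob: URLs would still be blocked. It should read `; font-src 'self' blob:;`, matching the `blob:` form used in the img-src and connect-src lines just above it. Because `blob:` in img-src and connect-src widens the recommended policy to any blob URL the page creates, a short comment such as `; blob: is only required for the PDF viewer; omit it if PDF support is not used.` would let deployments without that feature keep the tighter policy.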