From 925f20f1e122f1bbe1088a79187f5bdf2a16cfc9 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach <kevin@veen.world>
Date: Mon, 30 Jun 2025 18:10:19 +0200
Subject: [PATCH] optimized CSP for peertube

---
 filter_plugins/csp_filters.py                           | 1 +
 roles/docker-peertube/vars/configuration.yml            | 4 ++++
 tests/integration/test_csp_configuration_consistency.py | 1 +
 3 files changed, 6 insertions(+)

diff --git a/filter_plugins/csp_filters.py b/filter_plugins/csp_filters.py
index 32d37b8e..005bfa73 100644
--- a/filter_plugins/csp_filters.py
+++ b/filter_plugins/csp_filters.py
@@ -96,6 +96,7 @@ class FilterModule(object):
                 'font-src',
                 'worker-src',
                 'manifest-src',
+                'media-src',
             ]
             parts = []
 
diff --git a/roles/docker-peertube/vars/configuration.yml b/roles/docker-peertube/vars/configuration.yml
index b4b95fe2..b5aa4fe2 100644
--- a/roles/docker-peertube/vars/configuration.yml
+++ b/roles/docker-peertube/vars/configuration.yml
@@ -16,6 +16,10 @@ csp:
   whitelist:
     frame-ancestors:
       - "*"
+    media-src:
+      - "blob:"
+    font-src:
+      - "data:"
 domains:
   canonical:
     - "video.{{ primary_domain }}"
diff --git a/tests/integration/test_csp_configuration_consistency.py b/tests/integration/test_csp_configuration_consistency.py
index 24b729c7..22fe7e54 100644
--- a/tests/integration/test_csp_configuration_consistency.py
+++ b/tests/integration/test_csp_configuration_consistency.py
@@ -15,6 +15,7 @@ class TestCspConfigurationConsistency(unittest.TestCase):
         'font-src',
         'worker-src',
         'manifest-src',
+        'media-src'
     }
     SUPPORTED_FLAGS = {'unsafe-eval', 'unsafe-inline'}