From c4bac1655db175e9a7bfe6ea9a3415dbd05e7a52 Mon Sep 17 00:00:00 2001
From: Olivier Paroz <github@oparoz.com>
Date: Mon, 28 Sep 2015 23:21:26 +0200
Subject: [PATCH] Fix CSP for images for legacy apps Fixes #19425

---
 lib/private/response.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/private/response.php b/lib/private/response.php
index f1a429463f2..14ee92972a9 100644
--- a/lib/private/response.php
+++ b/lib/private/response.php
@@ -247,7 +247,7 @@ class OC_Response {
 			. 'script-src \'self\' \'unsafe-eval\'; '
 			. 'style-src \'self\' \'unsafe-inline\'; '
 			. 'frame-src *; '
-			. 'img-src *; '
+			. 'img-src * data:; '
 			. 'font-src \'self\' data:; '
 			. 'media-src *; ' 
 			. 'connect-src *';
-- 
GitLab