From be0b6f8a9c57495882040d9855b9887137734ac0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emil=20Fjellstr=C3=B6m?= <emil.fjellstrom@icloud.com>
Date: Wed, 29 Mar 2023 14:29:58 +0100
Subject: [PATCH] Adding blob: as source to CSP header

---
 www/index.html | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/www/index.html b/www/index.html
index dcb0032..39bfee2 100644
--- a/www/index.html
+++ b/www/index.html
@@ -335,6 +335,11 @@ <h2 id="source_list">Source List Reference</h2>
             <td><code>img-src 'self' data:</code></td>
             <td>Allows loading resources via the data scheme (eg Base64 encoded images).</td>
           </tr>
+          <tr>
+            <td><code>'blob:'</code></td>
+            <td><code>object-src blob:</code></td>
+            <td>Allows loading and saving resources on the client's file system</td>
+          </tr>
           <tr>
             <td><code><em><span class="hidden-xs">domain.</span>example.com</em></code></td>
             <td><code>img-src <span class="hidden-xs">domain.</span>example.com</code></td>
@@ -384,7 +389,6 @@ <h2 id="source_list">Source List Reference</h2>
             <td><a href="/unsafe-hashes/" title="CSP unsafe-hashes"><code>'unsafe-hashes'</code></a></td>
             <td><code>script-src 'unsafe-hashes' 'sha256-abc...'</code></td>
             <td>Allows you to enable scripts in event handlers (eg <code>onclick</code>). Does not apply to <code>javascript:</code> or inline <code>&lt;script&gt;</code>  <span class="label label-success">CSP Level 3</span> </td>
-
           </tr>
         </tbody>
       </table>