From a1c31c7e439add2330457bb999b0c161a2d6b39d Mon Sep 17 00:00:00 2001
From: Alexandre Bodin <bodin.alex@gmail.com>
Date: Tue, 9 Nov 2021 20:49:21 +0100
Subject: [PATCH] Fix csp policy for the ML

---
 packages/core/strapi/lib/middlewares/security.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/packages/core/strapi/lib/middlewares/security.js b/packages/core/strapi/lib/middlewares/security.js
index c52fcd62c4..3f84edf31d 100644
--- a/packages/core/strapi/lib/middlewares/security.js
+++ b/packages/core/strapi/lib/middlewares/security.js
@@ -12,6 +12,8 @@ const defaults = {
     useDefaults: true,
     directives: {
       'connect-src': ["'self'", 'https:'],
+      'img-src': ["'self'", 'data:', 'blob:'],
+      'media-src': ["'self'", 'data:', 'blob:'],
     },
   },
   xssFilter: false,