# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1744975538 -3600
# Node ID 488483e1d915ecc17dde510c09c1a155ea19c908
# Parent  5611ce3bc54c24d442bfd627174e25372190c778# Parent  0b01f40df0f9341b0ea8c6ba9fb84df7cc34d134
Merge 13.0->trunk

diff -r 5611ce3bc54c -r 488483e1d915 plugins/mod_http_file_share.lua
--- a/plugins/mod_http_file_share.lua	Wed Apr 16 18:27:46 2025 +0200
+++ b/plugins/mod_http_file_share.lua	Fri Apr 18 12:25:38 2025 +0100
@@ -469,7 +469,7 @@
 	response.headers.accept_ranges = "bytes";
 
 	response.headers.cache_control = "max-age=31556952, immutable";
-	response.headers.content_security_policy =  "default-src 'none'; frame-ancestors 'none';"
+	response.headers.content_security_policy =  "default-src 'none'; media-src 'self'; frame-ancestors 'none';"
 	response.headers.strict_transport_security = "max-age=31556952";
 	response.headers.x_content_type_options = "nosniff";
 	response.headers.x_frame_options = "DENY"; -- COMPAT IE missing support for CSP frame-ancestors