diff --git a/CHANGELOG.md b/CHANGELOG.md index 56f328234..66d01e005 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Updated the recommended pleroma.vcl configuration for Varnish to target Varnish 7.0+ - Set timeout values for Oban queues. The default is infinity and some operations may not time out on their own. - Delete activities are federated at lowest priority +- CSP now includes wasm-unsafe-eval ### Added - `activeMonth` and `activeHalfyear` fields in NodeInfo usage.users object diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex index cd1bae235..34895c8d5 100644 --- a/lib/pleroma/web/plugs/http_security_plug.ex +++ b/lib/pleroma/web/plugs/http_security_plug.ex @@ -117,7 +117,7 @@ defp csp_string do if Config.get(:env) == :dev do "script-src 'self' 'unsafe-eval'" else - "script-src 'self'" + "script-src 'self' 'wasm-unsafe-eval'" end report = if report_uri, do: ["report-uri ", report_uri, ";report-to csp-endpoint"]