From 13fd2f8a58a2a9e9937154e633d8877e532f5ad1 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Thu, 6 Oct 2022 16:03:37 +0200
Subject: [PATCH] mics: add img-src csp to attaches files to permit printing
 (#69958)

The CSP is applied to the printing dialog box of the browser, if it's
too restrictive it cannot print an image file.
---
 wcs/forms/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wcs/forms/common.py b/wcs/forms/common.py
index b0770a1e9..cc54c8573 100644
--- a/wcs/forms/common.py
+++ b/wcs/forms/common.py
@@ -97,7 +97,7 @@ class FileDirectory(Directory):
         # force potential HTML upload to be used as-is (not decorated with theme)
         # and with minimal permissions
         response.filter = {}
-        response.set_header('Content-Security-Policy', 'default-src \'none\';')
+        response.set_header('Content-Security-Policy', 'default-src \'none\'; img-src \'self\';')
 
         if file.content_type:
             response.set_content_type(file.content_type)
-- 
2.37.2