From 366ad08e83c0d0b76c290e834e5daeadd266d998 Mon Sep 17 00:00:00 2001
From: Uncled1023
Date: Fri, 14 Apr 2017 11:19:28 -0700
Subject: [PATCH] Reworked CSP policy for downloads
---
 Teknik/Areas/Upload/Controllers/UploadController.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Teknik/Areas/Upload/Controllers/UploadController.cs b/Teknik/Areas/Upload/Controllers/UploadController.cs
index 7c932a2..2055f65 100644
--- a/Teknik/Areas/Upload/Controllers/UploadController.cs
+++ b/Teknik/Areas/Upload/Controllers/UploadController.cs
@@ -273,7 +273,7 @@ namespace Teknik.Areas.Upload.Controllers
 Response.AddHeader("Content-Disposition", cd.ToString());
 // Apply content security policy for downloads
- Response.AddHeader("Content-Security-Policy", "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self'; form-action 'none';");
+ Response.AddHeader("Content-Security-Policy", "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; child-src 'self'; form-action 'none';");
 // Read in the file
 FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read);
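Review bot: Adding `'unsafe-inline'` to `script-src` on the download response removes the main protection this header gave against script in user-uploaded content: if an uploaded HTML document is rendered inline from the site's origin, its inline script is now permitted, and `connect-src 'self'` lets it make same-origin requests. Whether that is reachable depends on how `cd` and the response content type are set, which happens outside the hunk, so this needs confirming against the rest of the method. If the relaxation was only needed for media playback, keep the new `media-src 'self'; child-src 'self'` and leave `script-src 'self'` as it was, or add a `sandbox` directive so rendered uploads get an opaque origin. A short comment above the `AddHeader` call naming the file types that required `'unsafe-inline'` would help the next reviewer. The enclosing method starts and ends outside the hunk.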