Skip to content

allow https: so that flash works across instances without need for media proxy

HJ requested to merge csp-flash into develop

Currently if flash file is located on some other domain flash player will error out because it can't fetch the flash file - blocked by connect-src CSP rule. This fixes it so that frontends can connect to any domain. It would also possibly allow us to fetch information about images (i.e. more accurately determine if image is a GIF or not, its resolution) without the need for media proxy. This potentially reduced overall security, however.

Merge request reports