allow https: so that flash works across instances without need for media proxy

Currently if flash file is located on some other domain flash player will error out because it can't fetch the flash file - blocked by connect-src CSP rule. This fixes it so that frontends can connect to any domain. It would also possibly allow us to fetch information about images (i.e. more accurately determine if image is a GIF or not, its resolution) without the need for media proxy. This potentially reduced overall security, however.