From ae84d99af07e24caf672cd5f586b379dafaff195 Mon Sep 17 00:00:00 2001
From: ansuz
Date: Fri, 21 Jan 2022 17:48:53 +0530
Subject: [PATCH] update the recommended settings for img-src and media-src
---
 docs/example.nginx.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/example.nginx.conf b/docs/example.nginx.conf
index ea21e3ba7..6a9d268e8 100644
--- a/docs/example.nginx.conf
+++ b/docs/example.nginx.conf
@@ -96,14 +96,14 @@ server {
     set $fontSrc "'self' data: ${main_domain}";
     # images can be loaded from anywhere, though we'd like to deprecate this as it allows the use of images for tracking
-    set $imgSrc "'self' data: * blob: ${main_domain}";
+    set $imgSrc "'self' data: blob: ${main_domain} ${sandbox_domain}";
     # frame-src specifies valid sources for nested browsing contexts.
     # this prevents loading any iframes from anywhere other than the sandbox domain
     set $frameSrc "'self' ${sandbox_domain} blob:";
     # specifies valid sources for loading media using video or audio
-    set $mediaSrc "'self' data: * blob: ${main_domain}";
+    set $mediaSrc "'self' data: blob: ${main_domain} ${sandbox_domain}";
     # defines valid sources for webworkers and nested browser contexts
     # deprecated in favour of worker-src and frame-src
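Review bot: The comment directly above the new `$imgSrc` line still says images can be loaded from anywhere and that restricting them is a future deprecation, but the `*` source is removed in this very hunk, so the comment now contradicts the directive it documents. I'd replace it with `# images may only be loaded from the main and sandbox domains (plus data: and blob: URIs); the wildcard source was dropped because remote images can be used for tracking`. Both `$imgSrc` and `$mediaSrc` still permit `data:`, which CSP evaluators routinely flag; for img-src and media-src that is usually an accepted trade-off (the exposure is content injection, not script execution), but a short comment stating it is intentional would stop reviewers from re-raising it. Because this is the recommended configuration, dropping `*` will break any deployment whose documents embed remote images or media, and the commit message does not call that out — an upgrade note would help operators. The enclosing `server {` block starts and ends outside the hunk.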