From c3659a4ca298d852ad638861e7337889d4eeecdf Mon Sep 17 00:00:00 2001
From: Ry0taK <49341894+Ry0taK@users.noreply.github.com>
Date: Sat, 18 Mar 2023 02:42:05 +0000
Subject: [PATCH] Add worker-src
---
 packages/backend/src/server/web/ClientServerService.ts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/packages/backend/src/server/web/ClientServerService.ts b/packages/backend/src/server/web/ClientServerService.ts
index e347017960..761cf4ba70 100644
--- a/packages/backend/src/server/web/ClientServerService.ts
+++ b/packages/backend/src/server/web/ClientServerService.ts
@@ -183,6 +183,7 @@ export class ClientServerService {
 const csp = this.config.contentSecurityPolicy
 ?? 'script-src \'self\' ' +
 'https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ {scriptNonce}; ' +
+ 'worker-src blob: \'self\'; ' +
 'base-uri \'self\'; object-src \'self\'; report-uri /csp-error';
 reply.header('Content-Security-Policy-Report-Only', csp.replace('{scriptNonce}', `'nonce-${scriptNonce}'`));
 done();
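Review bot: The added `worker-src blob: 'self'` directive has no comment saying why `blob:` must be allowed, and `blob:` is the broad half of it: any script already running on the page can build a Blob URL and start a worker from it, so only `'self'` narrows anything. I would put a line above it such as `// worker-src: blob: is needed because <COMPONENT> starts its worker from a Blob URL; remove blob: once that is no longer the case`, with the placeholder filled in by the author. The unchanged lines also show that the policy is sent as `Content-Security-Policy-Report-Only`, so this changes what gets reported to `/csp-error` rather than what is blocked. A deployment that sets `contentSecurityPolicy` in its config replaces the whole default string and will not pick up the new directive, which is worth stating in the same comment or in the config documentation. The enclosing function starts and ends outside the hunk.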