Allow img-src data: common in skins

diff --git a/adminer/include/design.inc.php b/adminer/include/design.inc.php
index b646d0c71b89c924fc29588225fc04c670a7b763..3ec434670d997885c7da19efc6b6a0a6864f3a24 100644 (file)
--- a/adminer/include/design.inc.php
+++ b/adminer/include/design.inc.php
@@ -91,7 +91,7 @@ function page_headers() {
        header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
        header("X-Content-Type-Options: nosniff");
        header("Referrer-Policy: origin-when-cross-origin");
-       header("Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self'; frame-src https://www.adminer.org; form-action 'self'");
+       header("Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self'; img-src 'self' data:; frame-src https://www.adminer.org; form-action 'self'");
        $adminer->headers();
 }