Allow blob: URLs as content source

[ViniciusBP]

The connect-src directive is configured as a wildcard and allow any URLs with a network scheme. 

Why is not allowed to use blob: URIs as content source? I think it should be changed to allow.

[alansoliditydev]

I have this problem, too

[thiagomva]

I'm having this problem with connect-src and also with object-src directive. I think both should allow blob content.

[GinaAbrams]

@larrysalibra would you be able to please comment on this one 🙏

[larrysalibra]

@ViniciusBP I'm open to making changes to it. Do you want to send a pull request with the proposed changes?

Alternatively, could you write the CSP expression as you'd like to see it here in the issue? Thanks!

[thiagomva]

@larrysalibra just created a pull request changing: connect-src to connect-src data: blob:; object-src 'self' to object-src 'self' data: blob:;

[larrysalibra]

This already was merged and shipped.