From b9737d368ddc7783f7c76f505ece3172a9f46271 Mon Sep 17 00:00:00 2001
From: thororm <thorormsvensson@gmail.com>
Date: Mon, 13 Feb 2017 22:57:09 +0100
Subject: [PATCH] Update conf.ini.sample

---
 cfg/conf.ini.sample | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cfg/conf.ini.sample b/cfg/conf.ini.sample
index 22e7eaa7..ab0c309c 100644
--- a/cfg/conf.ini.sample
+++ b/cfg/conf.ini.sample
@@ -64,7 +64,7 @@ languageselection = false
 ; scripts or run your site behind certain DDoS-protection services.
 ; Check the documentation at https://content-security-policy.com/
 ; Note: If you use a bootstrap theme, you can remove the allow-popups from the sandbox restrictions.
-; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; media-src 'self' data:; object-src  'self' data:; Referrer-Policy: 'no-referrer'"
+; cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; media-src data:; object-src data:; Referrer-Policy: 'no-referrer'"
 
 ; stay compatible with PrivateBin Alpha 0.19, less secure
 ; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of