From 84dd51e0dd393888c43588f4c7c677c307df720e Mon Sep 17 00:00:00 2001
From: Casey Rodarmor <casey@rodarmor.com>
Date: Sat, 10 Jun 2023 03:46:47 -0700
Subject: [PATCH] Recursive Inscriptions (#2167)

---
 src/subcommand/server.rs |  8 ++++++--
 tests/server.rs          | 11 +++++++++--
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/src/subcommand/server.rs b/src/subcommand/server.rs
index 479ab4e475..20461e3f44 100644
--- a/src/subcommand/server.rs
+++ b/src/subcommand/server.rs
@@ -745,7 +745,11 @@ impl Server {
     );
     headers.insert(
       header::CONTENT_SECURITY_POLICY,
-      HeaderValue::from_static("default-src 'unsafe-eval' 'unsafe-inline' data:"),
+      HeaderValue::from_static("default-src 'self' 'unsafe-eval' 'unsafe-inline' data:"),
+    );
+    headers.append(
+      header::CONTENT_SECURITY_POLICY,
+      HeaderValue::from_static("default-src *:*/content/ 'unsafe-eval' 'unsafe-inline' data:"),
     );
     headers.insert(
       header::CACHE_CONTROL,
@@ -2202,7 +2206,7 @@ mod tests {
     server.assert_response_csp(
       format!("/preview/{}", InscriptionId::from(txid)),
       StatusCode::OK,
-      "default-src 'unsafe-eval' 'unsafe-inline' data:",
+      "default-src 'self' 'unsafe-eval' 'unsafe-inline' data:",
       "hello",
     );
   }
diff --git a/tests/server.rs b/tests/server.rs
index 421c3eb86e..93fef1c7e1 100644
--- a/tests/server.rs
+++ b/tests/server.rs
@@ -183,8 +183,15 @@ fn inscription_content() {
     "text/plain;charset=utf-8"
   );
   assert_eq!(
-    response.headers().get("content-security-policy").unwrap(),
-    "default-src 'unsafe-eval' 'unsafe-inline' data:"
+    response
+      .headers()
+      .get_all("content-security-policy")
+      .into_iter()
+      .collect::<Vec<&http::HeaderValue>>(),
+    &[
+      "default-src 'self' 'unsafe-eval' 'unsafe-inline' data:",
+      "default-src *:*/content/ 'unsafe-eval' 'unsafe-inline' data:"
+    ]
   );
   assert_eq!(response.bytes().unwrap(), "FOO");
 }