From c79c99012e02fe9d9b9da6d61d878b345afcba79 Mon Sep 17 00:00:00 2001
From: Wilco van Beijnum <wilcovanbeijnum@gmail.com>
Date: Mon, 25 May 2020 15:31:56 +0200
Subject: [PATCH 1/2] Fix dropzone

---
 app/controllers/photo-albums/photo-album/edit.js | 3 ++-
 app/services/message-bus.js                      | 2 +-
 config/environment.js                            | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/app/controllers/photo-albums/photo-album/edit.js b/app/controllers/photo-albums/photo-album/edit.js
index 731658e6c..4b1279ff9 100644
--- a/app/controllers/photo-albums/photo-album/edit.js
+++ b/app/controllers/photo-albums/photo-album/edit.js
@@ -4,6 +4,7 @@ import { computed } from '@ember/object';
 
 export default Controller.extend({
   store: service(),
+  fetch: service(),
 
   actions: {
     submit() {
@@ -17,6 +18,6 @@ export default Controller.extend({
     }
   },
   dropzoneHeaders: computed(function() {
-    return { 'Authorization': this.get('fetch.authorizationHeader') };
+    return { 'Authorization': this.fetch.authorizationHeader() };
   })
 });
diff --git a/app/services/message-bus.js b/app/services/message-bus.js
index e996c29d3..d04d6098c 100644
--- a/app/services/message-bus.js
+++ b/app/services/message-bus.js
@@ -5,7 +5,7 @@ export default Service.extend({
   fetch: service(),
 
   init() {
-    messageBus.headers = { 'Authorization': this.get('fetch.authorizationHeader') };
+    messageBus.headers = { 'Authorization': this.fetch.authorizationHeader() };
     messageBus.baseUrl = '/api/';
     messageBus.start();
     this.set('message-bus', messageBus);
diff --git a/config/environment.js b/config/environment.js
index 5c3e2fb6d..8c11097d7 100644
--- a/config/environment.js
+++ b/config/environment.js
@@ -23,7 +23,7 @@ module.exports = function(environment) {
       'script-src': '\'self\' www.google-analytics.com www.googletagmanager.com',
       'font-src': '\'self\' fonts.gstatic.com',
       'connect-src': '\'self\' sentry.io',
-      'img-src': '\'self\' camo.csvalpha.nl www.google-analytics.com img.youtube.com',
+      'img-src': '\'self\' camo.csvalpha.nl www.google-analytics.com img.youtube.com data:',
       'style-src': '\'self\' \'unsafe-inline\' fonts.googleapis.com/',
       'media-src': '\'self\'',
       'object-src': '\'self\'',

From 1e1766728e5a3c3d28830ddd389c3c9a2eb49eb8 Mon Sep 17 00:00:00 2001
From: Wilco <wilcovanbeijnum@gmail.com>
Date: Tue, 26 May 2020 10:20:17 +0200
Subject: [PATCH 2/2] Remove data from CSP

---
 config/environment.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/environment.js b/config/environment.js
index a1287c777..e30f24405 100644
--- a/config/environment.js
+++ b/config/environment.js
@@ -23,7 +23,7 @@ module.exports = function(environment) {
       'script-src': '\'self\' www.google-analytics.com www.googletagmanager.com',
       'font-src': '\'self\' fonts.gstatic.com',
       'connect-src': '\'self\' sentry.io',
-      'img-src': '\'self\' camo.csvalpha.nl www.google-analytics.com img.youtube.com data:',
+      'img-src': '\'self\' camo.csvalpha.nl www.google-analytics.com img.youtube.com',
       'style-src': '\'self\' \'unsafe-inline\' fonts.googleapis.com/',
       'media-src': '\'self\'',
       'object-src': '\'self\'',