parameterize DefaultSources on site.config

Author: rullyrmd

source/DasBlog.Web.UI/Config/site.config

@@ -112,6 +112,7 @@
 
   <CookieConsentEnabled>false</CookieConsentEnabled>
 
+  <DefaultSources>data:;https:</DefaultSources>
   <SecurityStyleSources>cloud.tinymce.com;cdn.tiny.cloud;cdn.jsdelivr.net;js.nicedit.com;www.google.com;platform.twitter.com;cdn.syndication.twimg.com;fonts.googleapis.com;maxcdn.bootstrapcdn.com</SecurityStyleSources>
   <SecurityScriptSources>cloud.tinymce.com;cdn.tiny.cloud;cdn.jsdelivr.net;js.nicedit.com;www.google.com;cse.google.com;cdn.syndication.twimg.com;platform.twitter.com;apis.google.com;www.google-analytics.com;www.googletagservices.com;adservice.google.com;securepubads.g.doubleclick.net;ajax.aspnetcdn.com;ssl.google-analytics.com</SecurityScriptSources>
 

source/DasBlog.Web.UI/Startup.cs

@@ -386,13 +386,14 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IDasBlog
 
 			var SecurityScriptSources = Configuration.GetSection("SecurityScriptSources")?.Value?.Split(";");
 			var SecurityStyleSources = Configuration.GetSection("SecurityStyleSources")?.Value?.Split(";");
+			var DefaultSources = Configuration.GetSection("DefaultSources")?.Value?.Split(";");
 
-			if (SecurityStyleSources != null && SecurityScriptSources != null)
+			if (SecurityStyleSources != null && SecurityScriptSources != null && DefaultSources != null)
 			{
 				app.UseCsp(options => options
 					.DefaultSources(s => s.Self()
-						.CustomSources("data:")
-						.CustomSources("https:"))
+						.CustomSources(DefaultSources)
+						)
 					.StyleSources(s => s.Self()
 						.CustomSources(SecurityStyleSources)
 						.UnsafeInline()