Switched 'img-src' directive to only allow 'self', and removed the wildcard '*' and 'data:' source settings. This adjustment enhances security by restricting image sources to the same origin, preventing potential exploitation from arbitrary or data URLs.
Embedded video thumbnails as base64 data URIs to enhance performance and ensure portability. Updated CSP to allow 'data:' sources for images, preventing CSP violations when rendering base64 images.
Addresses issues with missing thumbnails and enhances security settings.
