Uploads: Sandbox them in the CSP.

author: lain <lain@soykaf.club> 2020-04-15 12:05:22 +0200
committer: rinpatch <rinpatch@sdf.org> 2020-05-01 01:37:26 +0300
commit: a4afeed4266e75279422a6721f0a9a2aece0b9ea (patch)
tree: 0aef88400ed410a6598a505360f36f50094055bf
parent: 8cf4e1619e439b1c9374a52cfc2b0cdf8d549d02 (diff)
download: pleroma-a4afeed4266e75279422a6721f0a9a2aece0b9ea.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/pleroma/plugs/uploaded_media.ex b/lib/pleroma/plugs/uploaded_media.ex
index 36ff024a7..94147e0c4 100644
--- a/lib/pleroma/plugs/uploaded_media.ex
+++ b/lib/pleroma/plugs/uploaded_media.ex
@@ -41,6 +41,7 @@ defmodule Pleroma.Plugs.UploadedMedia do
         conn ->
           conn
       end
+      |> merge_resp_headers([{"content-security-policy", "sandbox"}])
 
     config = Pleroma.Config.get(Pleroma.Upload)
author	lain <lain@soykaf.club>	2020-04-15 12:05:22 +0200
committer	rinpatch <rinpatch@sdf.org>	2020-05-01 01:37:26 +0300
commit	a4afeed4266e75279422a6721f0a9a2aece0b9ea (patch)
tree	0aef88400ed410a6598a505360f36f50094055bf
parent	8cf4e1619e439b1c9374a52cfc2b0cdf8d549d02 (diff)
download	pleroma-a4afeed4266e75279422a6721f0a9a2aece0b9ea.tar.gz