Uploads: Sandbox them in the CSP.

author: lain <lain@soykaf.club> 2020-04-15 12:05:22 +0200
committer: lain <lain@soykaf.club> 2020-04-15 12:05:22 +0200
commit: 6bc76df287d7f4beb35c3a55b784b07ce9d833ff (patch)
tree: c649407a70bdf3e2dde8b3672f8a1261c1a24f76 /lib
parent: 96eae6299544e8768459f16225249a1e6e14e2f0 (diff)
download: pleroma-6bc76df287d7f4beb35c3a55b784b07ce9d833ff.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/pleroma/plugs/uploaded_media.ex b/lib/pleroma/plugs/uploaded_media.ex
index 36ff024a7..94147e0c4 100644
--- a/lib/pleroma/plugs/uploaded_media.ex
+++ b/lib/pleroma/plugs/uploaded_media.ex
@@ -41,6 +41,7 @@ defmodule Pleroma.Plugs.UploadedMedia do
         conn ->
           conn
       end
+      |> merge_resp_headers([{"content-security-policy", "sandbox"}])
 
     config = Pleroma.Config.get(Pleroma.Upload)
author	lain <lain@soykaf.club>	2020-04-15 12:05:22 +0200
committer	lain <lain@soykaf.club>	2020-04-15 12:05:22 +0200
commit	6bc76df287d7f4beb35c3a55b784b07ce9d833ff (patch)
tree	c649407a70bdf3e2dde8b3672f8a1261c1a24f76 /lib
parent	96eae6299544e8768459f16225249a1e6e14e2f0 (diff)
download	pleroma-6bc76df287d7f4beb35c3a55b784b07ce9d833ff.tar.gz