Add 'sandbox' to CSP for media repo (#4284)

* Add 'sandbox' to the CSP for media repo

* Changelog
This commit is contained in:
David Baker 2018-12-10 17:05:02 +00:00 committed by Richard van der Hoff
parent 128294d3e5
commit 1c0051114a
2 changed files with 3 additions and 1 deletions

1
changelog.d/4284.bugfix Normal file
View File

@ -0,0 +1 @@
Add 'sandbox' to CSP for media reprository

View File

@ -48,6 +48,7 @@ class DownloadResource(Resource):
set_cors_headers(request) set_cors_headers(request)
request.setHeader( request.setHeader(
b"Content-Security-Policy", b"Content-Security-Policy",
b"sandbox;"
b" default-src 'none';" b" default-src 'none';"
b" script-src 'none';" b" script-src 'none';"
b" plugin-types application/pdf;" b" plugin-types application/pdf;"