Matrix-Mirrors/anonymousland-synapse
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse.git synced 2024-12-19 02:34:18 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add quotes and be explicity about script-src

Browse Source
This commit is contained in:
Erik Johnston 2016-09-05 17:35:01 +01:00
parent 662b031a30
commit d51b8a1674
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
synapse/rest/media/v1/download_resource.py
View File

@ -47,7 +47,8 @@ class DownloadResource(Resource):
def _async_render_GET(self, request): def _async_render_GET(self, request):
request.setHeader( request.setHeader(
"Content-Security-Policy", "Content-Security-Policy",
"default-src none;" "default-src 'none';"
" script-src 'none';"
" plugin-types application/pdf;" " plugin-types application/pdf;"
" style-src 'unsafe-inline';" " style-src 'unsafe-inline';"
" object-src 'self';" " object-src 'self';"