mirror of
https://git.anonymousland.org/anonymousland/synapse.git
synced 2024-10-01 11:49:51 -04:00
2476d5373c
IE11 doesn't support Content-Security-Policy but it has support for a non-standard X-Content-Security-Policy header, which only supports the sandbox directive. This prevents script execution, so it at least offers some protection against media repo-based attacks. Signed-off-by: Denis Kasak <dkasak@termina.org.uk>
2 lines
95 B
Plaintext
2 lines
95 B
Plaintext
Mitigate media repo XSS attacks on IE11 via the non-standard X-Content-Security-Policy header.
|