Add 'sandbox' to CSP for media repo (#4284)

* Add 'sandbox' to the CSP for media repo * Changelog
author: David Baker <dbkr@users.noreply.github.com> 2018-12-10 17:05:02 +0000
committer: Richard van der Hoff <richard@matrix.org> 2018-12-20 11:09:18 +0000
commit: 1c0051114a53ddacfa13bb07f72b21a3c9ef2457 (patch)
tree: 0cbb68761d727b3bf936518c4476519b36cc296a
parent: Improved welcome page (#4294) (diff)
download: synapse-1c0051114a53ddacfa13bb07f72b21a3c9ef2457.tar.xz
2 files changed, 3 insertions, 1 deletions
diff --git a/changelog.d/4284.bugfix b/changelog.d/4284.bugfix
new file mode 100644
index 0000000000..4a9478fa28
--- /dev/null
+++ b/changelog.d/4284.bugfix
@@ -0,0 +1 @@
+Add 'sandbox' to CSP for media reprository
diff --git a/synapse/rest/media/v1/download_resource.py b/synapse/rest/media/v1/download_resource.py
index f911b120b1..bdc5daecc1 100644
--- a/synapse/rest/media/v1/download_resource.py
+++ b/synapse/rest/media/v1/download_resource.py
@@ -48,7 +48,8 @@ class DownloadResource(Resource):
         set_cors_headers(request)
         request.setHeader(
             b"Content-Security-Policy",
-            b"default-src 'none';"
+            b"sandbox;"
+            b" default-src 'none';"
             b" script-src 'none';"
             b" plugin-types application/pdf;"
             b" style-src 'unsafe-inline';"
author	David Baker <dbkr@users.noreply.github.com>	2018-12-10 17:05:02 +0000
committer	Richard van der Hoff <richard@matrix.org>	2018-12-20 11:09:18 +0000
commit	1c0051114a53ddacfa13bb07f72b21a3c9ef2457 (patch)
tree	0cbb68761d727b3bf936518c4476519b36cc296a
parent	Improved welcome page (#4294) (diff)
download	synapse-1c0051114a53ddacfa13bb07f72b21a3c9ef2457.tar.xz