summary refs log tree commit diff
path: root/synapse/app/appservice.py
diff options
context:
space:
mode:
authorDenis Kasak <dkasak@termina.org.uk>2021-07-27 11:45:10 +0000
committerGitHub <noreply@github.com>2021-07-27 13:45:10 +0200
commit2476d5373cde3a881b6f8f3ccc5d19707e9f600d (patch)
tree2d92e51c4b345325c9a0ef6d08ada7578a17fef0 /synapse/app/appservice.py
parentSupport MSC2033: Device ID on whoami (#9918) (diff)
downloadsynapse-2476d5373cde3a881b6f8f3ccc5d19707e9f600d.tar.xz
Mitigate media repo XSSs on IE11. (#10468)
IE11 doesn't support Content-Security-Policy but it has support for
a non-standard X-Content-Security-Policy header, which only supports the
sandbox directive. This prevents script execution, so it at least offers
some protection against media repo-based attacks.

Signed-off-by: Denis Kasak <dkasak@termina.org.uk>
Diffstat (limited to 'synapse/app/appservice.py')
0 files changed, 0 insertions, 0 deletions