summary refs log tree commit diff
path: root/synapse
diff options
context:
space:
mode:
authorDavid Baker <dbkr@users.noreply.github.com>2018-12-10 17:05:02 +0000
committerRichard van der Hoff <richard@matrix.org>2018-12-20 11:09:18 +0000
commit1c0051114a53ddacfa13bb07f72b21a3c9ef2457 (patch)
tree0cbb68761d727b3bf936518c4476519b36cc296a /synapse
parentImproved welcome page (#4294) (diff)
downloadsynapse-1c0051114a53ddacfa13bb07f72b21a3c9ef2457.tar.xz
Add 'sandbox' to CSP for media repo (#4284)
* Add 'sandbox' to the CSP for media repo

* Changelog
Diffstat (limited to 'synapse')
-rw-r--r--synapse/rest/media/v1/download_resource.py3
1 files changed, 2 insertions, 1 deletions
diff --git a/synapse/rest/media/v1/download_resource.py b/synapse/rest/media/v1/download_resource.py
index f911b120b1..bdc5daecc1 100644
--- a/synapse/rest/media/v1/download_resource.py
+++ b/synapse/rest/media/v1/download_resource.py
@@ -48,7 +48,8 @@ class DownloadResource(Resource):
         set_cors_headers(request)
         request.setHeader(
             b"Content-Security-Policy",
-            b"default-src 'none';"
+            b"sandbox;"
+            b" default-src 'none';"
             b" script-src 'none';"
             b" plugin-types application/pdf;"
             b" style-src 'unsafe-inline';"
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-09-25 06:24:13 +0000