From 89ac2a5bdb1b5ab2bf25dfaf4d50dcc9565a69c1 Mon Sep 17 00:00:00 2001 From: David Baker Date: Mon, 10 Dec 2018 17:05:02 +0000 Subject: Add 'sandbox' to CSP for media repo (#4284) * Add 'sandbox' to the CSP for media repo * Changelog --- synapse/rest/media/v1/download_resource.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'synapse/rest') diff --git a/synapse/rest/media/v1/download_resource.py b/synapse/rest/media/v1/download_resource.py index f911b120b1..bdc5daecc1 100644 --- a/synapse/rest/media/v1/download_resource.py +++ b/synapse/rest/media/v1/download_resource.py @@ -48,7 +48,8 @@ class DownloadResource(Resource): set_cors_headers(request) request.setHeader( b"Content-Security-Policy", - b"default-src 'none';" + b"sandbox;" + b" default-src 'none';" b" script-src 'none';" b" plugin-types application/pdf;" b" style-src 'unsafe-inline';" -- cgit 1.4.1