fix (csp): csp policy on cat

This fixes an issue with plg_opener_htmlframe, which opens html
documents in an iframe. Without this change we couldn't load any js at
all, which caused problems rendering things like markdown via
external libs and such
Mickael Kerjean 2022-05-13 08:43:47 +10:00
parent db7ab46ddd
commit f72b630e50


@ -278,7 +278,7 @@ func FileCat(ctx App, res http.ResponseWriter, req *http.Request) {
header.Set("Content-Length", fmt.Sprintf("%d", contentLength))
}
if header.Get("Content-Security-Policy") == "" {
header.Set("Content-Security-Policy", "default-src 'none'; img-src 'self'; media-src 'self'; style-src 'unsafe-inline'; font-src data:")
header.Set("Content-Security-Policy", "default-src 'none'; img-src 'self'; media-src 'self'; style-src 'unsafe-inline'; font-src data:; script-src-elem 'self'")
}
header.Set("Accept-Ranges", "bytes")
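Review bot: The relaxed default on the new `header.Set("Content-Security-Policy", ...)` line applies `script-src-elem 'self'` to every FileCat response that has no policy set yet, not only to documents opened through plg_opener_htmlframe. This handler returns user-stored file content, so `'self'` lets an uploaded HTML file load any script file served from the same origin. Unless the iframe is sandboxed somewhere outside this hunk, that script would presumably run with the application's origin. I would keep the strict default here and set the relaxed policy only on the path the htmlframe opener uses, or pair it with a `sandbox allow-scripts` directive (to be tested against `'self'` matching), and record the reason in a comment such as `// script-src-elem 'self' is only needed by plg_opener_htmlframe; cat serves untrusted files`. FileCat's body starts and ends outside the hunk.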