fix(api): add CSP response header for untrusted epub resources

(cherry picked from commit cd257dbbe859ad42007371ae44094855fbea01f0)
This commit is contained in:
Gauthier Roebroeck 2025-06-04 10:37:12 +08:00
parent bc8a5df1a7
commit 25de5973a6


@ -281,6 +281,7 @@ class CommonBookController(
if (ServletWebRequest(request).checkNotModified(getBookLastModified(media))) { if (ServletWebRequest(request).checkNotModified(getBookLastModified(media))) {
return ResponseEntity return ResponseEntity
.status(HttpStatus.NOT_MODIFIED) .status(HttpStatus.NOT_MODIFIED)
.header("Content-Security-Policy", "script-src 'none'; object-src 'none';")
.setNotModified(media) .setNotModified(media)
.body(ByteArray(0)) .body(ByteArray(0))
} }
@ -305,6 +306,7 @@ class CommonBookController(
.builder("inline") .builder("inline")
.filename(FilenameUtils.getName(resourceName), StandardCharsets.UTF_8) .filename(FilenameUtils.getName(resourceName), StandardCharsets.UTF_8)
.build() .build()
set("Content-Security-Policy", "script-src 'none'; object-src 'none';")
}, },
).contentType(getMediaTypeOrDefault(res.mediaType)) ).contentType(getMediaTypeOrDefault(res.mediaType))
.setNotModified(media) .setNotModified(media)
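Review bot: The policy string `"script-src 'none'; object-src 'none';"` is now written out twice, once on the NOT_MODIFIED branch (`.header(...)` in the first hunk) and once in the resource response headers (`set(...)` in the second hunk), so the two paths can silently drift the next time the policy is tuned; a single `private const val UNTRUSTED_RESOURCE_CSP = "script-src 'none'; object-src 'none';"` in the companion object, referenced as `.header("Content-Security-Policy", UNTRUSTED_RESOURCE_CSP)` and `set("Content-Security-Policy", UNTRUSTED_RESOURCE_CSP)`, keeps them in lockstep. On the policy itself, `script-src`/`object-src` alone leave directives that do not inherit from a (here absent) `default-src`, such as `base-uri` and `form-action`, unrestricted; whether tightening those is compatible with what these epub resources must render is something the hunk does not show, so it is worth a one-line comment next to the constant stating what the policy is meant to block. The enclosing handler starts before the first hunk and continues past the second, so any further response path that serves the same untrusted content is not visible here and may be missing the header.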