Commit

[pocketbase#693] added media-src to the default files CSP
ganigeorgiev committed Oct 2, 2022
1 parent 5f5f0ed commit 81d0af6
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion tools/filesystem/filesystem.go
Expand Up @@ -226,7 +226,7 @@ func (s *System) Serve(response http.ResponseWriter, fileKey string, name string
response.Header().Set("Content-Disposition", disposition+"; filename="+name)
response.Header().Set("Content-Type", extContentType)
response.Header().Set("Content-Length", strconv.FormatInt(r.Size(), 10))
response.Header().Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'; sandbox")
response.Header().Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'unsafe-inline'; sandbox")

// All HTTP date/time stamps MUST be represented in Greenwich Mean Time (GMT)
// (see https://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.3.1)
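Review bot: The policy on the changed Content-Security-Policy line remains a bare string literal, and nothing in the hunk records why media-src 'self' is the one fetch directive relaxed while default-src 'none' and sandbox stay in place. A short comment above that line giving the reason (the commit title points at pocketbase#693) and noting that, as far as the hunk shows, the header is set unconditionally for whatever Serve returns would keep a later edit from widening the policy by accident; a test asserting the exact header value would guard it as well. Separately, the first context line builds the Content-Disposition value as disposition+"; filename="+name with no quoting, so unless name is already sanitized by the caller it is worth quoting or encoding it in a follow-up.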