Add 'sandbox' to CSP for media repo (#4284)

* Add 'sandbox' to the CSP for media repo

* Changelog
This commit is contained in:
David Baker 2018-12-10 17:05:02 +00:00 committed by Amber Brown
parent 989f1167af
commit 89ac2a5bdb
2 changed files with 3 additions and 1 deletions

1
changelog.d/4284.bugfix Normal file
View file

@ -0,0 +1 @@
Add 'sandbox' to CSP for media reprository

View file

@ -48,7 +48,8 @@ class DownloadResource(Resource):
set_cors_headers(request) set_cors_headers(request)
request.setHeader( request.setHeader(
b"Content-Security-Policy", b"Content-Security-Policy",
b"default-src 'none';" b"sandbox;"
b" default-src 'none';"
b" script-src 'none';" b" script-src 'none';"
b" plugin-types application/pdf;" b" plugin-types application/pdf;"
b" style-src 'unsafe-inline';" b" style-src 'unsafe-inline';"