tileradotorg/synapse

Fork 0

forked from MirrorHub/synapse

Commit graph

Author	SHA1	Message	Date
Denis Kasak	2476d5373c	Mitigate media repo XSSs on IE11. (#10468 ) IE11 doesn't support Content-Security-Policy but it has support for a non-standard X-Content-Security-Policy header, which only supports the sandbox directive. This prevents script execution, so it at least offers some protection against media repo-based attacks. Signed-off-by: Denis Kasak <dkasak@termina.org.uk>	2021-07-27 13:45:10 +02:00

Author

SHA1

Message

Date

Denis Kasak

2476d5373c

Mitigate media repo XSSs on IE11. (#10468 )

IE11 doesn't support Content-Security-Policy but it has support for
a non-standard X-Content-Security-Policy header, which only supports the
sandbox directive. This prevents script execution, so it at least offers
some protection against media repo-based attacks.

Signed-off-by: Denis Kasak <dkasak@termina.org.uk>

2021-07-27 13:45:10 +02:00

1 commit