Browse Source

Reworked CSP policy for downloads

tags/3.0.0
Teknikode 2 years ago
parent
commit
366ad08e83
1 changed files with 1 additions and 1 deletions
  1. 1
    1
      Teknik/Areas/Upload/Controllers/UploadController.cs

+ 1
- 1
Teknik/Areas/Upload/Controllers/UploadController.cs View File

@@ -273,7 +273,7 @@ namespace Teknik.Areas.Upload.Controllers
Response.AddHeader("Content-Disposition", cd.ToString());

// Apply content security policy for downloads
Response.AddHeader("Content-Security-Policy", "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self'; form-action 'none';");
Response.AddHeader("Content-Security-Policy", "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; child-src 'self'; form-action 'none';");

// Read in the file
FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read);

Loading…
Cancel
Save