Browse Source

Reworked CSP policy for downloads

pull/111/head
Teknikode 6 years ago
parent
commit
366ad08e83
  1. 2
      Teknik/Areas/Upload/Controllers/UploadController.cs

2
Teknik/Areas/Upload/Controllers/UploadController.cs

@ -273,7 +273,7 @@ namespace Teknik.Areas.Upload.Controllers @@ -273,7 +273,7 @@ namespace Teknik.Areas.Upload.Controllers
Response.AddHeader("Content-Disposition", cd.ToString());
// Apply content security policy for downloads
Response.AddHeader("Content-Security-Policy", "default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self'; form-action 'none';");
Response.AddHeader("Content-Security-Policy", "default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self'; media-src 'self'; child-src 'self'; form-action 'none';");
// Read in the file
FileStream fs = new FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read);

Loading…
Cancel
Save