Merge branch 'uploads-csp-changes' into 'develop'

Uploads: Sandbox them in the CSP. See merge request pleroma/pleroma!2389
author: rinpatch <rinpatch@sdf.org> 2020-04-15 10:15:15 +0000
committer: rinpatch <rinpatch@sdf.org> 2020-04-15 10:15:15 +0000
commit: ad8630b95a691d01ec49344fd1a7578860728d63 (patch)
tree: c649407a70bdf3e2dde8b3672f8a1261c1a24f76
parent: 96eae6299544e8768459f16225249a1e6e14e2f0 (diff)
parent: 6bc76df287d7f4beb35c3a55b784b07ce9d833ff (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/lib/pleroma/plugs/uploaded_media.ex b/lib/pleroma/plugs/uploaded_media.ex
index 36ff024a7..94147e0c4 100644
--- a/lib/pleroma/plugs/uploaded_media.ex
+++ b/lib/pleroma/plugs/uploaded_media.ex
@@ -41,6 +41,7 @@ defmodule Pleroma.Plugs.UploadedMedia do
         conn ->
           conn
       end
+      |> merge_resp_headers([{"content-security-policy", "sandbox"}])
 
     config = Pleroma.Config.get(Pleroma.Upload)
author	rinpatch <rinpatch@sdf.org>	2020-04-15 10:15:15 +0000
committer	rinpatch <rinpatch@sdf.org>	2020-04-15 10:15:15 +0000
commit	ad8630b95a691d01ec49344fd1a7578860728d63 (patch)
tree	c649407a70bdf3e2dde8b3672f8a1261c1a24f76
parent	96eae6299544e8768459f16225249a1e6e14e2f0 (diff)
parent	6bc76df287d7f4beb35c3a55b784b07ce9d833ff (diff)