diff options
| author | Joe Chen <jc@unknwon.io> | 2022-05-03 17:51:28 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-05-03 17:51:28 +0800 |
| commit | cb35b73048b91ca32ee89d5b05a09552db8e5faf (patch) | |
| tree | 4d684aee0bd3bca023d9c7a8b9b14c45467ae7bc /internal/cmd | |
| parent | a61a4389ece9fa56651c1c4fc49db08d627a5b6e (diff) | |
attachment: set CSP header in the serving endpoint (#6926)
Diffstat (limited to 'internal/cmd')
| -rw-r--r-- | internal/cmd/web.go | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/internal/cmd/web.go b/internal/cmd/web.go index 097ad23a..80c8ce48 100644 --- a/internal/cmd/web.go +++ b/internal/cmd/web.go @@ -318,6 +318,7 @@ func runWeb(c *cli.Context) error { } defer fr.Close() + c.Header().Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'; sandbox") c.Header().Set("Cache-Control", "public,max-age=86400") c.Header().Set("Content-Disposition", fmt.Sprintf(`inline; filename="%s"`, attach.Name)) |