USEFULL/gogs
1
0
Fork 0
mirror of https://github.com/gogs/gogs.git synced 2025-05-22 15:29:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

attachment: set CSP header in the serving endpoint (#6926)

Browse Source
This commit is contained in:
Joe Chen 2022-05-03 17:51:28 +08:00 committed by GitHub
parent a61a4389ec
commit cb35b73048
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
internal/cmd/web.go
View File

@ -318,6 +318,7 @@ func runWeb(c *cli.Context) error {
}
defer fr.Close()
c.Header().Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'; sandbox")
c.Header().Set("Cache-Control", "public,max-age=86400")
c.Header().Set("Content-Disposition", fmt.Sprintf(`inline; filename="%s"`, attach.Name))