0001-mics-add-img-src-csp-to-attaches-files-to-permit-pri.patch
wcs/forms/common.py | ||
---|---|---|
97 | 97 |
# force potential HTML upload to be used as-is (not decorated with theme) |
98 | 98 |
# and with minimal permissions |
99 | 99 |
response.filter = {} |
100 |
response.set_header('Content-Security-Policy', 'default-src \'none\';') |
|
100 |
response.set_header('Content-Security-Policy', 'default-src \'none\'; img-src \'self\';')
|
|
101 | 101 | |
102 | 102 |
if file.content_type: |
103 | 103 |
response.set_content_type(file.content_type) |
104 |
- |