Projet

Général

Profil

0001-mics-add-img-src-csp-to-attaches-files-to-permit-pri.patch

Benjamin Dauvergne, 06 octobre 2022 16:04

Télécharger (1,05 ko)

Voir les différences: 

Subject: [PATCH] mics: add img-src csp to attaches files to permit printing
 (#69958)

The CSP is applied to the printing dialog box of the browser, if it's
too restrictive it cannot print an image file.

 wcs/forms/common.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
wcs/forms/common.py
97 97 
        # force potential HTML upload to be used as-is (not decorated with theme)
98 98 
        # and with minimal permissions
99 99 
        response.filter = {}
100 
        response.set_header('Content-Security-Policy', 'default-src \'none\';')
100 
        response.set_header('Content-Security-Policy', 'default-src \'none\'; img-src \'self\';')
101 101 

  		




  102
  102
  
    
        if file.content_type:

  		




  103
  103
  
    
            response.set_content_type(file.content_type)

  		




  104
  
  
    
-