0001-misc-add-img-src-CSP-to-fix-printing-on-Firefox-6995.patch
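--- a/wcs/forms/common.py
+++ b/wcs/forms/common.py
@@ -93,11 +93,13 @@
 raise errors.TraversalError()
 else:
 raise errors.TraversalError()
-
 # force potential HTML upload to be used as-is (not decorated with theme)
 # and with minimal permissions
 response.filter = {}
-response.set_header('Content-Security-Policy', 'default-src \'none\';')
+response.set_header(
+'Content-Security-Policy',
+'default-src \'none\'; img-src %s;' % get_request().build_absolute_uri(),
+)
 
 if file.content_type:
 response.set_content_type(file.content_type)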
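Review bot: The `img-src` source in the new `set_header` call is the raw result of `get_request().build_absolute_uri()` interpolated into the header value, and nothing visible here constrains which characters it may contain. If that URL can carry `;`, `,` or whitespace from the request path, query string or Host header (the helper is defined outside this hunk, so this needs confirming), the policy no longer ends where intended and the remainder is parsed as extra sources or directives, which undercuts the "minimal permissions" goal stated in the comment above. Consider building the source from the path only and percent-encoding the delimiters, e.g. `img_src = get_request().build_absolute_uri().split('?', 1)[0].replace(';', '%3B').replace(',', '%2C')`, and refusing values that contain whitespace. The identical line is added in wcs/forms/root.py, so a shared helper would keep the two policies from drifting apart. The enclosing function starts and ends outside the hunk.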
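--- a/wcs/forms/root.py
+++ b/wcs/forms/root.py
@@ -1692,7 +1692,10 @@
 # force potential HTML upload to be used as-is (not decorated with theme)
 # and with minimal permissions
 response.filter = {}
-response.set_header('Content-Security-Policy', 'default-src \'none\';')
+response.set_header(
+'Content-Security-Policy',
+'default-src \'none\'; img-src %s;' % get_request().build_absolute_uri(),
+)
 
 if tempfile['content_type']:
 response.set_content_type(tempfile['content_type'])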
1699 |
- |