0001-misc-add-img-src-CSP-to-fix-printing-on-Firefox-6995.patch

Benjamin Dauvergne, 11 octobre 2022 03:13

Voir les différences: en ligne côte à côte

Subject: [PATCH] misc: add img-src CSP to fix printing on Firefox (#69958)

On firefox the CSP is applied to the printing dialog box of the browser, if it's
too restrictive it cannot print an image file.

 wcs/forms/common.py | 6 ++++--
 wcs/forms/root.py   | 5 ++++-
 2 files changed, 8 insertions(+), 3 deletions(-)

                         raise errors.TraversalError()
                 else:
                     raise errors.TraversalError()
             # force potential HTML upload to be used as-is (not decorated with theme)
             # and with minimal permissions
             response.filter = {}
             response.set_header('Content-Security-Policy', 'default-src \'none\';')
             response.set_header(
                 'Content-Security-Policy',
                 'default-src \'none\'; img-src %s;' % get_request().build_absolute_uri(),
+            )
             if file.content_type:
                 response.set_content_type(file.content_type)

             # force potential HTML upload to be used as-is (not decorated with theme)
             # and with minimal permissions
             response.filter = {}
             response.set_header('Content-Security-Policy', 'default-src \'none\';')
             response.set_header(
                 'Content-Security-Policy',
                 'default-src \'none\'; img-src %s;' % get_request().build_absolute_uri(),
+            )
             if tempfile['content_type']:
                 response.set_content_type(tempfile['content_type'])
+    -

Produits Entr'ouvert » w.c.s.