feature (plg_security_svg): admin can decide upon viewing svg documents

=
2019-04-22 18:24:32 +10:00
parent c5db893a5e
commit b2d6f5f1e4
3 changed files with 48 additions and 1 deletions


@ -235,7 +235,9 @@ func FileCat(ctx App, res http.ResponseWriter, req *http.Request) {
header.Set("Content-Length", fmt.Sprintf("%d", contentLength))
}
header.Set("Content-Type", GetMimeType(req.URL.Query().Get("path")))
header.Set("Content-Security-Policy", "script-src 'none'")
if header.Get("Content-Security-Policy") == "" {
header.Set("Content-Security-Policy", "default-src 'none'; img-src 'self'; style-src 'unsafe-inline'")
}
header.Set("Accept-Ranges", "bytes")
// Send data to the client
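Review bot: The new guard `if header.Get("Content-Security-Policy") == ""` lets any policy set earlier in the request win outright, so the unconditional `script-src 'none'` that used to cover every file served by FileCat is now only a fallback. Because this endpoint returns user-supplied content with a MIME type derived from the path, a plugin or middleware that sets a laxer policy (presumably the svg plugin this commit introduces, which is not visible here) would let active content in an uploaded SVG or HTML file run in the application's origin. Consider documenting that contract at the guard, e.g. `// A CSP set earlier (e.g. by a plugin) replaces this default; it must still forbid script execution for user content`, or always appending a floor such as the `sandbox` directive to whatever value is already present. FileCat's body starts and ends outside the hunk, so where the header could be set earlier cannot be checked from here.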