mirror of
https://github.com/miniflux/v2.git
synced 2025-09-15 18:57:04 +00:00
fix(security): use a more restrictive CSP for untrusted content
This commit is contained in:
parent
f57949c9a2
commit
cb695e653a
4 changed files with 18 additions and 4 deletions
|
@ -26,7 +26,7 @@ func (h *handler) showFeedIcon(w http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
|
||||
response.New(w, r).WithCaching(icon.Hash, 72*time.Hour, func(b *response.Builder) {
|
||||
b.WithHeader("Content-Security-Policy", `sandbox`)
|
||||
b.WithHeader("Content-Security-Policy", response.ContentSecurityPolicyForUntrustedContent)
|
||||
b.WithHeader("Content-Type", icon.MimeType)
|
||||
b.WithBody(icon.Content)
|
||||
if icon.MimeType != "image/svg+xml" {
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue