Use sandbox CSP for viewing assets (#1245)

2026-02-28 06:53:12 +08:00 · 2025-12-13 10:32:06 +01:00
parent 1c17e16655
commit c349ad7670
2 changed files with 5 additions and 2 deletions
--- a/bookmarks/views/assets.py
+++ b/bookmarks/views/assets.py
@@ -33,6 +33,7 @@ def view(request, asset_id: int):

    response = HttpResponse(content, content_type=asset.content_type)
    response["Content-Disposition"] = f'inline; filename="{asset.download_name}"'
+    response["Content-Security-Policy"] = "sandbox"
    return response