Use sandbox CSP for viewing assets (#1245)

Sascha Ißbrücker
2025-12-13 10:32:06 +01:00
committed by GitHub
parent 1c17e16655
commit c349ad7670
2 changed files with 5 additions and 2 deletions


@@ -33,6 +33,7 @@ def view(request, asset_id: int):
response = HttpResponse(content, content_type=asset.content_type)
response["Content-Disposition"] = f'inline; filename="{asset.download_name}"'
response["Content-Security-Policy"] = "sandbox"
return response
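Review bot: The new `Content-Security-Policy` line has no comment saying why it is there, and a header like this tends to get loosened later when some viewer stops working. I would add above it `# Assets are user-supplied and rendered inline on the app origin; a bare "sandbox" gives them an opaque origin and disables scripts`, and mention that granting `allow-scripts` together with `allow-same-origin` would undo the isolation. It is also worth confirming that PDF assets still render inline, since some browsers' built-in PDF viewers refuse to load in a sandboxed document. Separately, the context line above interpolates `asset.download_name` into a quoted `filename="..."` parameter, so a name containing a double quote would yield a malformed header; Django's `content_disposition_header` helper (where the project's Django version provides it) handles the quoting and encoding. The body of `view` starts outside this hunk, so how `asset` and `content` are loaded is not visible here.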