Mirrors/linkding
1
0
Fork 0
mirror of https://github.com/sissbruecker/linkding.git synced 2026-02-28 06:53:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

Allow sandboxes scripts when viewing assets (#1252)

Browse Source
This commit is contained in:
Sascha Ißbrücker
2025-12-30 11:34:04 +01:00
committed by GitHub
parent 12dd1d8bc6
commit ee1cf6596b
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
bookmarks/tests/test_bookmark_asset_view.py
View File

@@ -151,7 +151,7 @@ class BookmarkAssetViewTestCase(TestCase, BookmarkFactoryMixin):
response["Content-Disposition"],
f'inline; filename="{asset.display_name}.html"',
)
self.assertEqual(response["Content-Security-Policy"], "sandbox")
self.assertEqual(response["Content-Security-Policy"], "sandbox allow-scripts")
def test_uploaded_file_download_headers(self):
bookmark = self.setup_bookmark()
@@ -163,4 +163,4 @@ class BookmarkAssetViewTestCase(TestCase, BookmarkFactoryMixin):
response["Content-Disposition"],
f'inline; filename="{asset.display_name}"',
)
self.assertEqual(response["Content-Security-Policy"], "sandbox")
self.assertEqual(response["Content-Security-Policy"], "sandbox allow-scripts")

2
bookmarks/views/assets.py
View File

@@ -33,7 +33,7 @@ def view(request, asset_id: int):
response = HttpResponse(content, content_type=asset.content_type)
response["Content-Disposition"] = f'inline; filename="{asset.download_name}"'
response["Content-Security-Policy"] = "sandbox"
response["Content-Security-Policy"] = "sandbox allow-scripts"
return response