archive
/
matrix-spec
mirror of https://github.com/matrix-org/matrix-spec
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1743 from matrix-org/dbkr/add_sandbox_to_csp

Browse Source 
Add 'sandbox' to recommended CSP header
pull/977/head
Travis Ralston 6 years ago committed by GitHub
parent 3fda4a3989 e318286404
commit 35de43de61
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File

5
specification/modules/content_repo.rst
Unescape Escape View File

@ -34,8 +34,9 @@ origin homeserver using the same API (unless the origin and destination
homeservers are the same).
When serving content, the server SHOULD provide a ``Content-Security-Policy``
header. The recommended policy is ``default-src 'none'; script-src 'none';
plugin-types application/pdf; style-src 'unsafe-inline'; object-src 'self';``.
header. The recommended policy is ``sandbox; default-src 'none'; script-src
'none'; plugin-types application/pdf; style-src 'unsafe-inline'; object-src
'self';``.
Client behaviour
----------------

Write Preview
Loading…
Cancel
Save