Merge pull request #1743 from matrix-org/dbkr/add_sandbox_to_csp

Add 'sandbox' to recommended CSP header
pull/977/head
Travis Ralston 6 years ago committed by GitHub
commit 35de43de61
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -34,8 +34,9 @@ origin homeserver using the same API (unless the origin and destination
homeservers are the same). homeservers are the same).
When serving content, the server SHOULD provide a ``Content-Security-Policy`` When serving content, the server SHOULD provide a ``Content-Security-Policy``
header. The recommended policy is ``default-src 'none'; script-src 'none'; header. The recommended policy is ``sandbox; default-src 'none'; script-src
plugin-types application/pdf; style-src 'unsafe-inline'; object-src 'self';``. 'none'; plugin-types application/pdf; style-src 'unsafe-inline'; object-src
'self';``.
Client behaviour Client behaviour
---------------- ----------------
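Review bot: the new policy string on the "The recommended policy is" line adds ``sandbox`` with no accompanying rationale, and neither the spec text nor the commit message says what it is meant to protect against. A bare ``sandbox`` (no ``allow-*`` tokens) places the served document in a unique origin and disables script execution and form submission, so a sentence saying that this is the intent for media served by the homeserver would help implementers. It would also help to say whether ``plugin-types application/pdf`` and ``object-src 'self'`` are still expected to have any effect once the response is sandboxed, because sandboxing without allow tokens has also restricted plugin content and clients that render PDFs inline may behave differently.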
