Specify the minimum CSP for media

Fixes https://github.com/matrix-org/matrix-doc/issues/1066
pull/977/head
Travis Ralston 6 years ago
parent e401b7255c
commit ec20c43220

@ -33,6 +33,11 @@ recipient's local homeserver, which must first transfer the content from the
origin homeserver using the same API (unless the origin and destination
homeservers are the same).
When serving content, the server MUST provide a ``Content-Security-Policy``
header. The policy may be more restrictive, however the minimum policy is
``default-src 'none'; script-src 'none'; plugin-types application/pdf;
style-src 'unsafe-inline'; object-src 'self';``.
Client behaviour
----------------
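Review bot: In the added paragraph, "The policy may be more restrictive, however the minimum policy is" does not say which direction a server is allowed to deviate in, and the lowercase "may" sits next to the normative "MUST" of the sentence before it. A reader could take "minimum" to mean the shortest acceptable header rather than the loosest acceptable one. Suggest wording along the lines of "Servers MAY send a stricter policy but MUST NOT relax any of these directives". Also, `script-src 'none'` is already implied by `default-src 'none'`; if it is spelled out on purpose, a brief remark to that effect would keep implementers from dropping it as redundant.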
