Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Formally spec Content Security Policy for media repo #1066

Closed
ara4n opened this issue Nov 14, 2017 · 2 comments
Closed

Formally spec Content Security Policy for media repo #1066

ara4n opened this issue Nov 14, 2017 · 2 comments
Assignees
@turt2live
Labels
spec-omission implemented but not currently specified

Comments

@ara4n
Copy link
Member

ara4n commented Nov 14, 2017

This shouldn't be an implementation-specific thing, given it needs to protect all clients
@richvdh richvdh changed the title Formally spec CSP for media repo Formally spec Content Security Policy for media repo Nov 14, 2017
@richvdh richvdh added the spec-omission implemented but not currently specified label Nov 14, 2017
@turt2live
Copy link
Member

What is the policy?

@turt2live
Copy link
Member

The policy used by synapse is Content-Security-Policy: default-src 'none'; script-src 'none'; plugin-types application/pdf; style-src 'unsafe-inline'; object-src 'self'; fwiw

@turt2live turt2live self-assigned this Aug 28, 2018
turt2live added a commit to turt2live/matrix-doc that referenced this issue Aug 29, 2018
@turt2live
Specify the minimum CSP for media
ec20c43 
Fixes matrix-org#1066
@turt2live turt2live mentioned this issue Aug 29, 2018
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@turt2live turt2live

Labels
spec-omission implemented but not currently specified
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@turt2live @ara4n @richvdh