Add 'sandbox' to the CSP

As per matrix-org/synapse#4284
t2bot · Dec 10, 2018 · 3194e82 · 3194e82
1 parent db22f4d
commit 3194e82
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/github.com/turt2live/matrix-media-repo/api/webserver/route_handler.go b/src/github.com/turt2live/matrix-media-repo/api/webserver/route_handler.go
@@ -60,7 +60,7 @@ func (h handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization")
 	w.Header().Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS")
 	w.Header().Set("Access-Control-Allow-Origin", "*")
-	w.Header().Set("Content-Security-Policy", "default-src 'none'; script-src 'none'; plugin-types application/pdf; style-src 'unsafe-inline'; media-src 'self'; object-src 'self';")
+	w.Header().Set("Content-Security-Policy", "sandbox; default-src 'none'; script-src 'none'; plugin-types application/pdf; style-src 'unsafe-inline'; media-src 'self'; object-src 'self';")
 	w.Header().Set("Cache-Control", "public,max-age=86400,s-maxage=86400")
 	w.Header().Set("Server", "matrix-media-repo")