fix: xss vulnerability in /api/raw (#2570) (#2572)

This commit is contained in:
Anchit Bajaj 2023-07-27 15:12:27 +05:30 committed by GitHub
parent ff4375cf6c
commit b508ac3d4f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions

View File

@ -207,7 +207,7 @@ func rawFileHandler(w http.ResponseWriter, r *http.Request, file *files.FileInfo
defer fd.Close()
setContentDisposition(w, r, file)
w.Header().Add("Content-Security-Policy", `script-src 'none';`)
w.Header().Set("Cache-Control", "private")
http.ServeContent(w, r, file.Name, file.ModTime, fd)
return 0, nil