Browse Source

Clarify ugly hack comment

tags/v0.1.0
Gerben 1 year ago
parent
commit
28fa8e0fbd
1 changed files with 3 additions and 2 deletions
  1. +3
    -2
      lib/Controller/RawResponse.php

+ 3
- 2
lib/Controller/RawResponse.php View File

@@ -13,8 +13,9 @@ trait RawResponse {
$content = $fileNode->getContent();
$mimetype = $fileNode->getMimeType();

// Ugly hack to prevent security middleware messing up the CSP.
header(
// Ugly hack to have exact control over the response, to e.g. prevent security middleware
// messing up the CSP. TODO find a neater solution than bluntly doing header() + echo + exit.
header( // Add a super strict CSP: no connectivity allowed.
"Content-Security-Policy: sandbox; default-src 'none'; img-src data:; media-src data:; "
. "style-src data: 'unsafe-inline'; font-src data:; frame-src data:"
);


Loading…
Cancel
Save