|
@@ -13,8 +13,9 @@ trait RawResponse { |
|
|
$content = $fileNode->getContent(); |
|
|
$content = $fileNode->getContent(); |
|
|
$mimetype = $fileNode->getMimeType(); |
|
|
$mimetype = $fileNode->getMimeType(); |
|
|
|
|
|
|
|
|
// Ugly hack to prevent security middleware messing up the CSP. |
|
|
|
|
|
header( |
|
|
|
|
|
|
|
|
// Ugly hack to have exact control over the response, to e.g. prevent security middleware |
|
|
|
|
|
// messing up the CSP. TODO find a neater solution than bluntly doing header() + echo + exit. |
|
|
|
|
|
header( // Add a super strict CSP: no connectivity allowed. |
|
|
"Content-Security-Policy: sandbox; default-src 'none'; img-src data:; media-src data:; " |
|
|
"Content-Security-Policy: sandbox; default-src 'none'; img-src data:; media-src data:; " |
|
|
. "style-src data: 'unsafe-inline'; font-src data:; frame-src data:" |
|
|
. "style-src data: 'unsafe-inline'; font-src data:; frame-src data:" |
|
|
); |
|
|
); |
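Review bot: The new inline comment on the `header(` line says "no connectivity allowed", but `default-src 'none'` is not a fallback for `form-action`, `base-uri` or `frame-ancestors`, so in the policy shown it is the `sandbox` directive that keeps forms switched off. I would name that in the comment, e.g. `// Strict CSP: sandbox disables scripts and forms, default-src 'none' blocks fetches; only data: URIs and inline styles are allowed.`, so a later edit does not relax `sandbox` on the assumption that `default-src` covers everything. Because this path deliberately bypasses the framework's response handling, any hardening header the middleware would normally add (for example `X-Content-Type-Options: nosniff`, given the response carries the file's own `$mimetype`) has to be sent here as well. Whether that happens is not visible, since the method continues outside the hunk.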
|
|