Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-03-14 23:44:10 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge pull request #1743 from matrix-org/dbkr/add_sandbox_to_csp

Browse source 
Add 'sandbox' to recommended CSP header
This commit is contained in:
Travis Ralston 2018-12-17 10:28:06 -07:00 committed by GitHub
parent 3fda4a3989 e318286404
commit 35de43de61
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
specification/modules/content_repo.rst
View file

@ -34,8 +34,9 @@ origin homeserver using the same API (unless the origin and destination
homeservers are the same). homeservers are the same).
When serving content, the server SHOULD provide a ``Content-Security-Policy`` When serving content, the server SHOULD provide a ``Content-Security-Policy``
header. The recommended policy is ``default-src 'none'; script-src 'none'; header. The recommended policy is ``sandbox; default-src 'none'; script-src
plugin-types application/pdf; style-src 'unsafe-inline'; object-src 'self';``. 'none'; plugin-types application/pdf; style-src 'unsafe-inline'; object-src
'self';``.
Client behaviour Client behaviour
---------------- ----------------