Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2025-12-24 01:58:36 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge pull request #1600 from turt2live/travis/c2s/media-csp

Browse source 
Specify the minimum CSP for media
This commit is contained in:
Travis Ralston 2018-08-31 08:32:33 -06:00 committed by GitHub
parent 73736d41db 440841d1ff
commit c127eed7e7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
changelogs/client_server/newsfragments/1600.feature Normal file
View file

@ -0,0 +1 @@
Recommend that servers set a Content Security Policy for the content repository.

4
specification/modules/content_repo.rst
View file

@ -33,6 +33,10 @@ recipient's local homeserver, which must first transfer the content from the
origin homeserver using the same API (unless the origin and destination
homeservers are the same).
When serving content, the server SHOULD provide a ``Content-Security-Policy``
header. The recommended policy is ``default-src 'none'; script-src 'none';
plugin-types application/pdf; style-src 'unsafe-inline'; object-src 'self';``.
Client behaviour
----------------