Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-04-22 10:44:10 +02:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Add 'sandbox' to recommended CSP header

Browse source
This commit is contained in:
David Baker 2018-12-10 17:33:04 +00:00
parent 16f17855c9
commit e318286404
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
specification/modules/content_repo.rst
View file

@ -34,8 +34,9 @@ origin homeserver using the same API (unless the origin and destination
homeservers are the same). homeservers are the same).
When serving content, the server SHOULD provide a ``Content-Security-Policy`` When serving content, the server SHOULD provide a ``Content-Security-Policy``
header. The recommended policy is ``default-src 'none'; script-src 'none'; header. The recommended policy is ``sandbox; default-src 'none'; script-src
plugin-types application/pdf; style-src 'unsafe-inline'; object-src 'self';``. 'none'; plugin-types application/pdf; style-src 'unsafe-inline'; object-src
'self';``.
Client behaviour Client behaviour
---------------- ----------------