Filip/matrix-spec
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-spec synced 2026-03-09 13:04:09 +01:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Specify the minimum CSP for media

Browse source 
Fixes https://github.com/matrix-org/matrix-doc/issues/1066
This commit is contained in:
Travis Ralston 2018-08-29 10:55:34 -06:00
parent e401b7255c
commit ec20c43220
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
specification/modules/content_repo.rst
View file

@ -33,6 +33,11 @@ recipient's local homeserver, which must first transfer the content from the
origin homeserver using the same API (unless the origin and destination origin homeserver using the same API (unless the origin and destination
homeservers are the same). homeservers are the same).
When serving content, the server MUST provide a ``Content-Security-Policy``
header. The policy may be more restrictive, however the minimum policy is
``default-src 'none'; script-src 'none'; plugin-types application/pdf;
style-src 'unsafe-inline'; object-src 'self';``.
Client behaviour Client behaviour
---------------- ----------------