Mirror/filebrowser
1
0
Fork 0
mirror of https://github.com/filebrowser/filebrowser.git synced 2024-06-07 23:00:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: xss vulnerability in /api/raw (#2570) (#2572)

Browse Source
This commit is contained in:
Anchit Bajaj 2023-07-27 15:12:27 +05:30 committed by GitHub
parent ff4375cf6c
commit b508ac3d4f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
http/raw.go
View File

@ -207,7 +207,7 @@ func rawFileHandler(w http.ResponseWriter, r *http.Request, file *files.FileInfo
defer fd.Close()
setContentDisposition(w, r, file)
w.Header().Add("Content-Security-Policy", `script-src 'none';`)
w.Header().Set("Cache-Control", "private")
http.ServeContent(w, r, file.Name, file.ModTime, fd)
return 0, nil