From b508ac3d4f7f0f75d6b49c99bdc661a6d2173f30 Mon Sep 17 00:00:00 2001 From: Anchit Bajaj Date: Thu, 27 Jul 2023 15:12:27 +0530 Subject: [PATCH] fix: xss vulnerability in /api/raw (#2570) (#2572) --- http/raw.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/http/raw.go b/http/raw.go index 1312510b..9bf982e9 100644 --- a/http/raw.go +++ b/http/raw.go @@ -207,7 +207,7 @@ func rawFileHandler(w http.ResponseWriter, r *http.Request, file *files.FileInfo defer fd.Close() setContentDisposition(w, r, file) - + w.Header().Add("Content-Security-Policy", `script-src 'none';`) w.Header().Set("Cache-Control", "private") http.ServeContent(w, r, file.Name, file.ModTime, fd) return 0, nil