V1.12.2: Verify that user-uploaded files - if required to be displayed or downloaded from the application - are served by either octet stream downloads, or from an unrelated domain, such as a cloud file storage bucket. Implement a suitable Content Security Policy (CSP) to reduce the risk from XSS vectors or other attacks from the uploaded file. #484
Closed
Labels
kind/user-story
We do serve file downloads as octet stream, so no changes are needed regarding this.
We are missing a Content Security Policy. Research and add a suitable CSP header to all requests.
This also affects "V14.4.3: " in #481, so mark that task as completed when done.
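The two halves of the requirement quoted in the title, octet-stream downloads for uploaded files and a CSP header on every response, can be expressed as a small header-building module. The following is an added example written for this issue, not code from the project that tracks #484: the policy sources in `PAGE_CSP`, the helper names, and the constructed hostile filename are all assumptions, and the page policy would have to be tuned to the origins the application actually loads from. It also shows the check that a review or test could apply to a download response to confirm it stays on the octet-stream branch.

```python
import re
import unicodedata
from urllib.parse import quote

# Site-wide policy for HTML pages. These sources are an assumption for the
# example; a real application lists exactly the origins its pages need.
PAGE_CSP = (
    "default-src 'self'; "
    "script-src 'self'; "
    "style-src 'self'; "
    "img-src 'self' data:; "
    "object-src 'none'; "
    "base-uri 'self'; "
    "frame-ancestors 'none'; "
    "form-action 'self'"
)

# Policy attached to uploaded-file responses: if a browser ever renders the
# bytes anyway, nothing may load or run and the document is sandboxed.
UPLOAD_CSP = "default-src 'none'; sandbox"


def base_name(user_supplied):
    """Drop any directory components a client may have put in the name."""
    return user_supplied.replace("\\", "/").rsplit("/", 1)[-1]


def safe_filename(user_supplied):
    """ASCII-only token for the quoted filename= parameter (no CR/LF, quotes or paths)."""
    name = base_name(user_supplied)
    name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    name = re.sub(r"[^A-Za-z0-9._-]+", "_", name).strip("._")
    return name or "download"


def download_headers(original_name, length):
    """Response headers that force an uploaded file to be downloaded, never rendered."""
    name = base_name(original_name)
    return {
        "Content-Type": "application/octet-stream",
        # filename= is the ASCII fallback; filename* carries the percent-encoded
        # original (RFC 5987), so CR/LF can never reach the header line raw.
        "Content-Disposition": (
            f'attachment; filename="{safe_filename(name)}"; '
            f"filename*=UTF-8''{quote(name, safe='')}"
        ),
        "Content-Length": str(length),
        "X-Content-Type-Options": "nosniff",   # stop MIME sniffing back to text/html
        "Content-Security-Policy": UPLOAD_CSP,
        "Cache-Control": "private, no-store",
    }


def page_headers():
    """Headers for ordinary HTML responses; the CSP goes on every one of them."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": PAGE_CSP,
    }


def csp_directives(policy):
    """Parse a CSP string into {directive: [sources]} for inspection or tests."""
    out = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0].lower()] = tokens[1:]
    return out


def meets_download_branch(headers):
    """True if a response satisfies the octet-stream branch of V1.12.2."""
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    disposition = headers.get("Content-Disposition", "").strip().lower()
    return (
        ctype == "application/octet-stream"
        and disposition.startswith("attachment")
        and headers.get("X-Content-Type-Options", "").lower() == "nosniff"
        and "Content-Security-Policy" in headers
    )


if __name__ == "__main__":
    # Constructed sample: a hostile upload name trying to inject a header line
    print(download_headers("../evil\r\nX-Injected: 1.html", 42))
    print(csp_directives(PAGE_CSP))
```

The `X-Content-Type-Options: nosniff` header is the piece that makes the octet-stream choice stick: without it some browsers sniff a file that looks like HTML and render it in the application's origin, which is exactly what the requirement is trying to prevent. `meets_download_branch` is the kind of assertion a regression test can run against the real download endpoint once the CSP work in this issue lands.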