[17.0][FIX] fs_attachment: Add CSP header for fs stream

OCA · Oct 31, 2024 · b8eec32 · b8eec32
1 parent 0a2f0bb
commit b8eec32
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/fs_attachment/fs_stream.py b/fs_attachment/fs_stream.py
@@ -38,7 +38,7 @@ def read(self):
                 return f.read()
         return super().read()
 
-    def get_response(self, as_attachment=None, immutable=None, **send_file_kwargs):
+    def get_response(self, as_attachment=None, immutable=None, content_security_policy="default-src 'none'", **send_file_kwargs):
         if self.type != "fs":
             return super().get_response(
                 as_attachment=as_attachment, immutable=immutable, **send_file_kwargs
@@ -79,6 +79,12 @@ def get_response(self, as_attachment=None, immutable=None, **send_file_kwargs):
 
         if immutable and res.cache_control:
             res.cache_control["immutable"] = None
+
+        res.headers['X-Content-Type-Options'] = 'nosniff'
+
+        if content_security_policy:
+            res.headers['Content-Security-Policy'] = content_security_policy
+
         return res
 
     @classmethod