Add quotes and be explicity about script-src
This commit is contained in:
parent
662b031a30
commit
d51b8a1674
|
@ -47,7 +47,8 @@ class DownloadResource(Resource):
|
||||||
def _async_render_GET(self, request):
|
def _async_render_GET(self, request):
|
||||||
request.setHeader(
|
request.setHeader(
|
||||||
"Content-Security-Policy",
|
"Content-Security-Policy",
|
||||||
"default-src none;"
|
"default-src 'none';"
|
||||||
|
" script-src 'none';"
|
||||||
" plugin-types application/pdf;"
|
" plugin-types application/pdf;"
|
||||||
" style-src 'unsafe-inline';"
|
" style-src 'unsafe-inline';"
|
||||||
" object-src 'self';"
|
" object-src 'self';"
|
||||||
|
|
Loading…
Reference in New Issue