Tightened up the content security policy for non HTML files.

2022-03-01 20:36:34 +00:00 · 2022-03-01 20:36:34 +00:00 · 69309c437e
commit 69309c437e
parent e392e4d344
1 changed files with 1 additions and 1 deletions
--- a/src/main/java/org/qortal/arbitrary/ArbitraryDataRenderer.java
+++ b/src/main/java/org/qortal/arbitrary/ArbitraryDataRenderer.java
@ -128,7 +128,7 @@ public class ArbitraryDataRenderer {
                // Regular file - can be streamed directly
                File file = new File(filePath);
                FileInputStream inputStream = new FileInputStream(file);
-                response.addHeader("Content-Security-Policy", "default-src 'self' 'unsafe-inline'; media-src 'self' blob:");
+                response.addHeader("Content-Security-Policy", "default-src 'self'");
                response.setContentType(context.getMimeType(filename));
                int bytesRead, length = 0;
                byte[] buffer = new byte[10240];