Browse Source

Remove "sandbox" from files CSP to have pdfs work in chrome

pull/73/head v1.0.2
andreimarcu 9 years ago
parent
commit
be08b7f0fd
  1. 2
      README.md
  2. 2
      server.go

2
README.md

@ -38,7 +38,7 @@ Usage
- ```-maxsize 4294967296``` -- maximum upload file size in bytes (default 4GB) - ```-maxsize 4294967296``` -- maximum upload file size in bytes (default 4GB)
- ```-allowhotlink``` -- Allow file hotlinking - ```-allowhotlink``` -- Allow file hotlinking
- ```-contentsecuritypolicy "..."``` -- Content-Security-Policy header for pages (default is "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer origin;") - ```-contentsecuritypolicy "..."``` -- Content-Security-Policy header for pages (default is "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer origin;")
- ```-filecontentsecuritypolicy "..."``` -- Content-Security-Policy header for files (default is "default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; sandbox; referrer origin;"")
- ```-filecontentsecuritypolicy "..."``` -- Content-Security-Policy header for files (default is "default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; referrer origin;")
- ```-xframeoptions "..." ``` -- X-Frame-Options header (default is "SAMEORIGIN") - ```-xframeoptions "..." ``` -- X-Frame-Options header (default is "SAMEORIGIN")
- ```-remoteuploads``` -- (optionally) enable remote uploads (/upload?url=https://...) - ```-remoteuploads``` -- (optionally) enable remote uploads (/upload?url=https://...)
- ```-nologs``` -- (optionally) disable request logs in stdout - ```-nologs``` -- (optionally) disable request logs in stdout

2
server.go

@ -190,7 +190,7 @@ func main() {
"default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer origin;", "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; referrer origin;",
"value of default Content-Security-Policy header") "value of default Content-Security-Policy header")
flag.StringVar(&Config.fileContentSecurityPolicy, "filecontentsecuritypolicy", flag.StringVar(&Config.fileContentSecurityPolicy, "filecontentsecuritypolicy",
"default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; sandbox; referrer origin;",
"default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; referrer origin;",
"value of Content-Security-Policy header for file access") "value of Content-Security-Policy header for file access")
flag.StringVar(&Config.xFrameOptions, "xframeoptions", "SAMEORIGIN", flag.StringVar(&Config.xFrameOptions, "xframeoptions", "SAMEORIGIN",
"value of X-Frame-Options header") "value of X-Frame-Options header")

Loading…
Cancel
Save