Announcement

Collapse
No announcement yet.

Content Security Policy

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Content Security Policy

    In the config file, if we set clientCspDisabled => true that disables the Content Security Policy header on most pages. However, the header is still present when viewing inline attachments (entryPoint=download). Can you make it so the header is also disabled on this page? Or can you create a new config setting to disable the header on the download page? I have HTML files as attachments and because of the header, the files are displayed without their embedded styles and images.

  • #2
    No as it would be a security vulnerability. Viewing HTML with the download entry point is misusing of the functionality.

    Comment

    Working...
    X