瀏覽代碼
Set a strict CSP policy for downloaded attachments, thumbnails, and raw repository files(#38417).
Patch by Holger Just. git-svn-id: https://svn.redmine.org/redmine/trunk@22295 e93f8b46-1217-0410-a6f0-8f06a7374b81tags/5.1.0
Go MAEDA
9 月之前
+ 5
- 0
app/controllers/attachments_controller.rb
查看文件
| @@ -321,4 +321,9 @@ class AttachmentsController < ApplicationController | |||
| request.raw_post | |||
| end | |||
| end | |||
| def send_file(path, options={}) | |||
| headers['content-security-policy'] = "default-src 'none'; style-src 'unsafe-inline'; sandbox" | |||
| super | |||
| end | |||
| end | |||
+ 5
- 0
app/controllers/repositories_controller.rb
查看文件
| @@ -431,6 +431,11 @@ class RepositoriesController < ApplicationController | |||
| end | |||
| end | |||
| def send_file(path, options={}) | |||
| headers['content-security-policy'] = "default-src 'none'; style-src 'unsafe-inline'; sandbox" | |||
| super | |||
| end | |||
| def valid_name?(rev) | |||
| return true if rev.nil? | |||
| return true if REV_PARAM_RE.match?(rev) | |||
Loading…