2 files changed, 10 insertions, 0 deletions

diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index 06a236c2c..414ecfde0 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -321,4 +321,9 @@ class AttachmentsController < ApplicationController
       request.raw_post
     end
   end
+
+  def send_file(path, options={})
+    headers['content-security-policy'] = "default-src 'none'; style-src 'unsafe-inline'; sandbox"
+    super
+  end
 end
diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb
index 8ecb0022f..3fb69e8b2 100644
--- a/app/controllers/repositories_controller.rb
+++ b/app/controllers/repositories_controller.rb
@@ -431,6 +431,11 @@ class RepositoriesController < ApplicationController
     end
   end
 
+  def send_file(path, options={})
+    headers['content-security-policy'] = "default-src 'none'; style-src 'unsafe-inline'; sandbox"
+    super
+  end
+
   def valid_name?(rev)
     return true if rev.nil?
     return true if REV_PARAM_RE.match?(rev)