Work in progress.

author Daira Hopwood <daira@jacaranda.org>

Tue, 22 Jul 2014 17:36:03 +0000 (18:36 +0100)

committer Daira Hopwood <daira@jacaranda.org>

Tue, 22 Jul 2014 17:36:03 +0000 (18:36 +0100)
author Daira Hopwood <daira@jacaranda.org>
Tue, 22 Jul 2014 17:36:03 +0000 (18:36 +0100)
committer Daira Hopwood <daira@jacaranda.org>
Tue, 22 Jul 2014 17:36:03 +0000 (18:36 +0100)
diff --git a/src/allmydata/web/filenode.py b/src/allmydata/web/filenode.py

index bce8e90cd1727ce3fa9c8f941465c748ce43549d..07a678681502ff150db1e630d1b705867318a8d7 100644 (file)
--- a/src/allmydata/web/filenode.py
+++ b/src/allmydata/web/filenode.py
@@ -419,6 +419,13 @@ class FileDownloader(rend.Page):
              req.setHeader("content-disposition",
                            'attachment; filename="%s"' % self.filename)
  
+        # <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2136>
+        for header in ('Content-Security-Policy', 'X-Content-Security-Policy', 'X-Webkit-CSP'):
+            req.setHeader(header, 'sandbox')
+
+        # <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1455>
+        req.setHeader('X-Frame-Options', 'DENY')
+
          filesize = self.filenode.get_size()
          assert isinstance(filesize, (int,long)), filesize
          first, size = 0, None
author	Daira Hopwood <daira@jacaranda.org>
	Tue, 22 Jul 2014 17:36:03 +0000 (18:36 +0100)
committer	Daira Hopwood <daira@jacaranda.org>
	Tue, 22 Jul 2014 17:36:03 +0000 (18:36 +0100)