From: Daira Hopwood Date: Tue, 22 Jul 2014 17:36:03 +0000 (+0100) Subject: Work in progress. X-Git-Url: https://git.rkrishnan.org/simplejson/$rel_link?a=commitdiff_plain;h=2691b25cf45eca3d85aad2a871877f435816715e;p=tahoe-lafs%2Ftahoe-lafs.git Work in progress. Signed-off-by: Daira Hopwood --- diff --git a/src/allmydata/web/filenode.py b/src/allmydata/web/filenode.py index bce8e90c..07a67868 100644 --- a/src/allmydata/web/filenode.py +++ b/src/allmydata/web/filenode.py @@ -419,6 +419,13 @@ class FileDownloader(rend.Page): req.setHeader("content-disposition", 'attachment; filename="%s"' % self.filename) + # + for header in ('Content-Security-Policy', 'X-Content-Security-Policy', 'X-Webkit-CSP'): + req.setHeader(header, 'sandbox') + + # + req.setHeader('X-Frame-Options', 'DENY') + filesize = self.filenode.get_size() assert isinstance(filesize, (int,long)), filesize first, size = 0, None