From 2691b25cf45eca3d85aad2a871877f435816715e Mon Sep 17 00:00:00 2001
From: Daira Hopwood <daira@jacaranda.org>
Date: Tue, 22 Jul 2014 18:36:03 +0100
Subject: [PATCH] Work in progress.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
---
 src/allmydata/web/filenode.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/allmydata/web/filenode.py b/src/allmydata/web/filenode.py
index bce8e90c..07a67868 100644
--- a/src/allmydata/web/filenode.py
+++ b/src/allmydata/web/filenode.py
@@ -419,6 +419,13 @@ class FileDownloader(rend.Page):
             req.setHeader("content-disposition",
                           'attachment; filename="%s"' % self.filename)
 
+        # <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2136>
+        for header in ('Content-Security-Policy', 'X-Content-Security-Policy', 'X-Webkit-CSP'):
+            req.setHeader(header, 'sandbox')
+
+        # <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1455>
+        req.setHeader('X-Frame-Options', 'DENY')
+
         filesize = self.filenode.get_size()
         assert isinstance(filesize, (int,long)), filesize
         first, size = 0, None
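Review bot: The two added comments above the `req.setHeader` calls give only ticket URLs, so the reason for the headers cannot be read from the code and a later edit could relax the policy without noticing what it protects. I would state the intent inline, e.g. `# Served file content is untrusted: 'sandbox' gives it a unique origin and disables scripts.` and `# Forbid framing of served content (clickjacking).`, and note there that `allow-scripts` and `allow-same-origin` must never be added together. The headers are set on this one path of what appears to be the download render method, whose body starts and ends outside the hunk; any other response that returns file bytes is not visible here and may need the same headers. Consider also sending `req.setHeader('X-Content-Type-Options', 'nosniff')` alongside, since the sandbox limits what sniffed HTML can do but does not stop the sniffing itself.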
-- 
2.45.2