From: Daira Hopwood <daira@jacaranda.org>
Date: Tue, 22 Jul 2014 17:36:03 +0000 (+0100)
Subject: Work in progress.
X-Git-Url: https://git.rkrishnan.org/vdrive/class-simplejson.JSONEncoder-index.html?a=commitdiff_plain;h=2691b25cf45eca3d85aad2a871877f435816715e;p=tahoe-lafs%2Ftahoe-lafs.git

Work in progress.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
---

diff --git a/src/allmydata/web/filenode.py b/src/allmydata/web/filenode.py
index bce8e90c..07a67868 100644
--- a/src/allmydata/web/filenode.py
+++ b/src/allmydata/web/filenode.py
@@ -419,6 +419,13 @@ class FileDownloader(rend.Page):
             req.setHeader("content-disposition",
                           'attachment; filename="%s"' % self.filename)
 
+        # <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2136>
+        for header in ('Content-Security-Policy', 'X-Content-Security-Policy', 'X-Webkit-CSP'):
+            req.setHeader(header, 'sandbox')
+
+        # <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1455>
+        req.setHeader('X-Frame-Options', 'DENY')
+
         filesize = self.filenode.get_size()
         assert isinstance(filesize, (int,long)), filesize
         first, size = 0, None