Spaces:
Running
Running
Add CSP protection on uploaded files (#1304)
Browse files
src/routes/conversation/[id]/output/[sha256]/+server.ts
CHANGED
|
@@ -44,6 +44,8 @@ export const GET: RequestHandler = async ({ locals, params }) => {
|
|
| 44 |
return new Response(Buffer.from(value, "base64"), {
|
| 45 |
headers: {
|
| 46 |
"Content-Type": mime ?? "application/octet-stream",
|
|
|
|
|
|
|
| 47 |
},
|
| 48 |
});
|
| 49 |
};
|
|
|
|
| 44 |
return new Response(Buffer.from(value, "base64"), {
|
| 45 |
headers: {
|
| 46 |
"Content-Type": mime ?? "application/octet-stream",
|
| 47 |
+
"Content-Security-Policy":
|
| 48 |
+
"default-src 'none'; script-src 'none'; style-src 'none'; sandbox;",
|
| 49 |
},
|
| 50 |
});
|
| 51 |
};
|
src/routes/settings/(nav)/assistants/[assistantId]/avatar.jpg/+server.ts
CHANGED
|
@@ -37,6 +37,8 @@ export const GET: RequestHandler = async ({ params }) => {
|
|
| 37 |
return new Response(content, {
|
| 38 |
headers: {
|
| 39 |
"Content-Type": "image/jpeg",
|
|
|
|
|
|
|
| 40 |
},
|
| 41 |
});
|
| 42 |
};
|
|
|
|
| 37 |
return new Response(content, {
|
| 38 |
headers: {
|
| 39 |
"Content-Type": "image/jpeg",
|
| 40 |
+
"Content-Security-Policy":
|
| 41 |
+
"default-src 'none'; script-src 'none'; style-src 'none'; sandbox;",
|
| 42 |
},
|
| 43 |
});
|
| 44 |
};
|