Add CSP protection on uploaded files (#1304)

nsarrazin · web-flow · commit f3f6a8b62910 · 2024-07-01T10:18:02.000+02:00
Add CSP
diff --git a/src/routes/conversation/[id]/output/[sha256]/+server.ts b/src/routes/conversation/[id]/output/[sha256]/+server.ts
@@ -44,6 +44,8 @@ export const GET: RequestHandler = async ({ locals, params }) => {
 	return new Response(Buffer.from(value, "base64"), {
 		headers: {
 			"Content-Type": mime ?? "application/octet-stream",
+			"Content-Security-Policy":
+				"default-src 'none'; script-src 'none'; style-src 'none'; sandbox;",
 		},
 	});
 };
diff --git a/src/routes/settings/(nav)/assistants/[assistantId]/avatar.jpg/+server.ts b/src/routes/settings/(nav)/assistants/[assistantId]/avatar.jpg/+server.ts
@@ -37,6 +37,8 @@ export const GET: RequestHandler = async ({ params }) => {
 	return new Response(content, {
 		headers: {
 			"Content-Type": "image/jpeg",
+			"Content-Security-Policy":
+				"default-src 'none'; script-src 'none'; style-src 'none'; sandbox;",
 		},
 	});
 };
