about summary refs log tree commit diff
path: root/pkgs/applications/version-management/gitea/csp-early-1.21.11.patch
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/applications/version-management/gitea/csp-early-1.21.11.patch')
-rw-r--r--pkgs/applications/version-management/gitea/csp-early-1.21.11.patch20
1 files changed, 20 insertions, 0 deletions
diff --git a/pkgs/applications/version-management/gitea/csp-early-1.21.11.patch b/pkgs/applications/version-management/gitea/csp-early-1.21.11.patch
new file mode 100644
index 0000000000000..2b479fb21cf7b
--- /dev/null
+++ b/pkgs/applications/version-management/gitea/csp-early-1.21.11.patch
@@ -0,0 +1,20 @@
+diff --git a/routers/web/repo/render.go b/routers/web/repo/render.go
+index f07b4e8c11..1fcaa83c4f 100644
+--- a/routers/web/repo/render.go
++++ b/routers/web/repo/render.go
+@@ -44,6 +44,7 @@ func RenderFile(ctx *context.Context) {
+ 	isTextFile := st.IsText()
+ 
+ 	rd := charset.ToUTF8WithFallbackReader(io.MultiReader(bytes.NewReader(buf), dataRc))
++	ctx.Resp.Header().Add("Content-Security-Policy", "frame-src 'self'; sandbox allow-scripts")
+ 
+ 	if markupType := markup.Type(blob.Name()); markupType == "" {
+ 		if isTextFile {
+@@ -62,7 +63,6 @@ func RenderFile(ctx *context.Context) {
+ 		treeLink += "/" + util.PathEscapeSegments(ctx.Repo.TreePath)
+ 	}
+ 
+-	ctx.Resp.Header().Add("Content-Security-Policy", "frame-src 'self'; sandbox allow-scripts")
+ 	err = markup.Render(&markup.RenderContext{
+ 		Ctx:              ctx,
+ 		RelativePath:     ctx.Repo.TreePath,
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-16 20:34:37 +0000