mirror of
https://github.com/FreshRSS/FreshRSS.git
synced 2026-02-14 15:31:13 -05:00
7e5d2d0727
Some [misconfigured instances](https://github.com/FreshRSS/FreshRSS/issues/7835) may be stripping out the CSP header that `f.php` sends, which can be mitigated by forcing the browser to download the image instead of displaying it and executing JS code from unsanitized SVGs for example. Contributes to https://github.com/FreshRSS/FreshRSS/pull/8263 and https://github.com/FreshRSS/FreshRSS/pull/7924 (improving security when CSP is not present)
2.1 KiB
2.1 KiB