Prem_IB (Level 1), member since 17-02-2021, last activity 2 hours ago
Adding a response header to specific resources
Prem_IB - Adobe Experience Manager
I am trying to add a response header, specifically Content-Security-Policy script-src, to requests for resources under /content/dam/ or resources with a .png extension. Should I add filters on Sling, or is there another way to add headers directly on the dispatcher?
Views: 58 | Likes: 0 | Replies: 1
Re: Issues that might arise due to having content disposi...
Prem_IB - Adobe Experience Manager
Thanks for the reply, Kunal. The images I am uploading to clients are already coming from my domain only. But what if one of the many authors who upload assets to my site uploads a malicious image? In that case img-src 'self' wouldn't stop the malicious code from being executed on the client, right?
Views: 64 | Likes: 0 | Replies: 0
Issues that might arise due to having content disposition inline on images
Prem_IB - Adobe Experience Manager
I have already asked the same question before on the forum, sorry for posting again. I asked the following question: "I am trying to display images (png, jpeg, gif, svg) directly in the browser instead of letting the users download them. I've read in so many places that having the Content-Disposition header as inline might cause some security issues, and that it is better to have it as attachment. Can anyone provide me a scenario where this might be a problem?" From the answers to my previous post, I co...
Views: 105 | Likes: 0 | Replies: 4
Re: Issues that might arise due to having content disposi...
Prem_IB - Adobe Experience Manager
Sanket, thanks for the reply. I specifically want to display some pictures that are stored under 'content/dam/*: images/png'. Can I add a 'Content-Security-Policy': 'script-src none' header to those URLs to stop script execution?
Views: 42 | Likes: 0 | Replies: 0
Issues that might arise due to having content disposition: inline on images
Prem_IB - Adobe Experience Manager
I am trying to display images (png, jpeg, gif, svg) directly in the browser instead of letting the users download them. I've read in so many places that having the Content-Disposition header as inline might cause some security issues, and that it is better to have it as attachment. Can anyone provide me a scenario where this might be a problem?
Views: 82 | Likes: 0 | Replies: 2