I am trying to add response header, specifically -
Content-Security-Policy script-src to requests on resources under
/content/dam/ or resources with .png extension. Should I add the filters
on sling? or is there any other way to it directly add headers on
dispatcher.
thanks for the reply kunal. The images I am uploading to clients are
already coming from my domain only. but what if one of many authors that
are uploading assets to my site, uploads a malicious image. In that time
img-src 'self' wouldn't stop the malicious code to be executed on
client, right?
I have already asked the same question before on the forum, sorry for
posting again. l asked the following question. "I am trying to display
images (png, jpeg, gif, svg) directly on browser instead of letting the
users downloading it. I've read from so many places that having content
disposition header as inline might cause some security issues, and it is
better to have it as attachment. Can anyone provide me a scenario where
this might be a problem?" From the answers from my previous post, I
co...
Sanket, thanks for the reply. I specifically want to display some
pictures that are stored under 'content/dam/*: images/png'. can i add a
'Content-Security-Policy': 'script-src none' header to those urls to
stop script execution?
I am trying to display images (png, jpeg, gif, svg) directly on browser
instead of letting the users downloading it. I've read from so many
places that having content disposition header as inline might cause some
security issues, and it is better to have it as attachment. Can anyone
provide me a scenario where this might be a problem?
