Simonyi Gergő 4189981995 internal: add CSP header to files in /media (#12092) ...

add CSP header to files in `/media`

This fixes a security issue of stored cross-site scripting via embedding
JavaScript in SVG files by a malicious user with `can_save_media`
capability.

This can be exploited if:
- the uploaded file is served from the same origin as authentik, and
- the user opens the uploaded file directly in their browser

Co-authored-by: Jens L. <jens@goauthentik.io>

2024-11-21 09:16:07 +01:00

..

common

web/admin: fix error adding users to groups (#5016)

2023-03-20 18:15:36 +01:00

config

root: make redis settings more consistent (#9335)

2024-04-18 16:49:41 +02:00

constants

release: 2024.10.2 (#12031)

2024-11-15 00:53:40 +01:00

crypto

core: FIPS (#9683)

2024-05-23 17:34:52 +00:00

debug

internal: fix linting error

2023-01-09 17:17:27 +01:00

gounicorn

root: move database calls from ready() to dedicated startup signal (#9081)

2024-04-02 14:19:32 +02:00

outpost

root: check remote IP for proxy protocol same as HTTP/etc (#12094)

2024-11-20 21:33:35 +01:00

utils

root: check remote IP for proxy protocol same as HTTP/etc (#12094)

2024-11-20 21:33:35 +01:00

web

internal: add CSP header to files in /media (#12092)

2024-11-21 09:16:07 +01:00