authentik/internal
Simonyi Gergő 4189981995
internal: add CSP header to files in `/media` (#12092)
add CSP header to files in `/media`

This fixes a security issue of stored cross-site scripting via embedding
JavaScript in SVG files by a malicious user with `can_save_media`
capability.

This can be exploited if:
- the uploaded file is served from the same origin as authentik, and
- the user opens the uploaded file directly in their browser

Co-authored-by: Jens L. <jens@goauthentik.io>
2024-11-21 09:16:07 +01:00
Directory  Last commit                                                                 Date
common     web/admin: fix error adding users to groups (#5016)                         2023-03-20 18:15:36 +01:00
config     root: make redis settings more consistent (#9335)                           2024-04-18 16:49:41 +02:00
constants  release: 2024.10.2 (#12031)                                                 2024-11-15 00:53:40 +01:00
crypto     core: FIPS (#9683)                                                          2024-05-23 17:34:52 +00:00
debug      internal: fix linting error                                                 2023-01-09 17:17:27 +01:00
gounicorn  root: move database calls from ready() to dedicated startup signal (#9081)  2024-04-02 14:19:32 +02:00
outpost    root: check remote IP for proxy protocol same as HTTP/etc (#12094)          2024-11-20 21:33:35 +01:00
utils      root: check remote IP for proxy protocol same as HTTP/etc (#12094)          2024-11-20 21:33:35 +01:00
web        internal: add CSP header to files in `/media` (#12092)                      2024-11-21 09:16:07 +01:00