From 1864951bdbf573431e795109224a45545b86b54d Mon Sep 17 00:00:00 2001
From: Elias Schneider <login@eliasschneider.com>
Date: Wed, 7 May 2025 13:39:02 +0200
Subject: [PATCH] fix: use sandbox CSP for file previews

---
 backend/src/file/file.controller.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/src/file/file.controller.ts b/backend/src/file/file.controller.ts
index e7d4e96..fa89093 100644
--- a/backend/src/file/file.controller.ts
+++ b/backend/src/file/file.controller.ts
@@ -78,7 +78,7 @@ export class FileController {
       "Content-Type":
         mime?.lookup?.(file.metaData.name) || "application/octet-stream",
       "Content-Length": file.metaData.size,
-      "Content-Security-Policy": "script-src 'none'",
+      "Content-Security-Policy": "sandbox",
     };
 
     if (download === "true") {