From 38cbe63ea222b8ec728ceb56915b7e84ae28e608 Mon Sep 17 00:00:00 2001 From: Matej Spiller Muys Date: Tue, 8 Mar 2022 10:25:55 +0100 Subject: [PATCH] Content-Security-Policy allow user triggered downloads --- .../nexus/repository/httpbridge/internal/ViewServlet.java | 2 +- .../nexus/repository/httpbridge/internal/ViewServletTest.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/nexus-repository-httpbridge/src/main/java/org/sonatype/nexus/repository/httpbridge/internal/ViewServlet.java b/plugins/nexus-repository-httpbridge/src/main/java/org/sonatype/nexus/repository/httpbridge/internal/ViewServlet.java index 819fb97f1a..24ddc9ae33 100644 --- a/plugins/nexus-repository-httpbridge/src/main/java/org/sonatype/nexus/repository/httpbridge/internal/ViewServlet.java +++ b/plugins/nexus-repository-httpbridge/src/main/java/org/sonatype/nexus/repository/httpbridge/internal/ViewServlet.java @@ -65,7 +65,7 @@ public class ViewServlet { private static final Logger log = LoggerFactory.getLogger(ViewServlet.class); - private static final String SANDBOX = "sandbox allow-forms allow-modals allow-popups allow-presentation allow-scripts allow-top-navigation"; + private static final String SANDBOX = "sandbox allow-forms allow-modals allow-popups allow-presentation allow-scripts allow-top-navigation allow-downloads"; @VisibleForTesting static final String P_DESCRIBE = "describe"; diff --git a/plugins/nexus-repository-httpbridge/src/test/java/org/sonatype/nexus/repository/httpbridge/internal/ViewServletTest.java b/plugins/nexus-repository-httpbridge/src/test/java/org/sonatype/nexus/repository/httpbridge/internal/ViewServletTest.java index 896916d459..03156598a9 100644 --- a/plugins/nexus-repository-httpbridge/src/test/java/org/sonatype/nexus/repository/httpbridge/internal/ViewServletTest.java +++ b/plugins/nexus-repository-httpbridge/src/test/java/org/sonatype/nexus/repository/httpbridge/internal/ViewServletTest.java @@ -184,7 +184,7 @@ public void responseHasContentSecurityPolicy() throws Exception { underTest.service(httpServletRequest, servletResponse); verify(servletResponse).setHeader(HttpHeaders.CONTENT_SECURITY_POLICY, - "sandbox allow-forms allow-modals allow-popups allow-presentation allow-scripts allow-top-navigation"); + "sandbox allow-forms allow-modals allow-popups allow-presentation allow-scripts allow-top-navigation allow-downloads"); } @Test