Re: [Debconf-discuss] Canadian Pollito

To: debconf-discuss@lists.debconf.org
Subject: Re: [Debconf-discuss] Canadian Pollito
From: Philipp Kern <pkern@debian.org>
Date: Sat, 25 Mar 2017 12:42:43 +0100
Message-id: <[🔎] 9f6906b7-07f5-e8dc-5db1-56724a27210f@debian.org>
In-reply-to: <[🔎] 9facf958-c22b-9962-0a89-18323b1018eb@riseup.net>
References: <[🔎] 9facf958-c22b-9962-0a89-18323b1018eb@riseup.net>

On 03/23/2017 11:40 PM, Jerome Charaoui wrote:
> Pollito not understand why Chromium Content Security Policy squawking,
> so suggest Firefox or wget to download.

It seems surprisingly hard to find a rationale for this quickly, but I
suppose that's because these two HTTP response headers are conflicting:

Content-Security-Policy: default-src 'none'
Content-Disposition: inline; filename="canadian_pollito.pdf"

The CSP seems to disallow inline content (but refers to styles and
scripts, not embedded files; but maybe that's actually the same thing)
by overwriting all pre-existing defaults with deny.

Kind regards
Philipp Kern

Reply to:

References:
- [Debconf-discuss] Canadian Pollito
  - From: Jerome Charaoui <jerome@debconf.org>

Prev by Date: [Debconf-discuss] Canadian Pollito
Next by Date: Re: [Debconf-discuss] US laptop ban and DebConf
Previous by thread: [Debconf-discuss] Canadian Pollito
Next by thread: [Debconf-discuss] Does US Visa help getting into Canada in any way?
Index(es):
- Date
- Thread