fix(helpdesk): add security headers and size limit to file proxy
- X-Content-Type-Options: nosniff prevents MIME sniffing - Content-Security-Policy: sandbox prevents script execution - 20 MB size limit on decoded file data (413 on exceed) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -45,7 +45,18 @@ if (!$result['ok'] || !isset($result['data'])) {
|
||||
}
|
||||
|
||||
$data = $result['data'];
|
||||
$maxFileSize = 20 * 1024 * 1024; // 20 MB
|
||||
|
||||
if (strlen($data) > $maxFileSize) {
|
||||
http_response_code(413);
|
||||
Router::json(['ok' => false, 'error' => 'File too large']);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
$displayFilename = $filename !== '' ? $filename : 'attachment-' . $entryNo;
|
||||
|
||||
header('X-Content-Type-Options: nosniff');
|
||||
header('Content-Security-Policy: sandbox');
|
||||
|
||||
Router::download($displayFilename, $data);
|
||||
|
||||
Reference in New Issue
Block a user