fixed CSRF danger for uploaded html files

2026-01-12 19:52:02 +01:00
parent d2348a4875
commit 83e9426c8c
2 changed files with 72 additions and 18 deletions
--- a/webserver.Dockerfile
+++ b/webserver.Dockerfile
@@ -42,4 +42,10 @@ IndexHeadInsert "<link rel=\\"stylesheet\\" href=\\"/icons/autoindex-custom.css\
    Require all granted\n\
 </Directory>\n' >> /usr/local/apache2/conf/httpd.conf

+# Force download for shared files
+RUN printf '\n# --- Force download in _share ---\n\
+<Directory "/usr/local/apache2/htdocs/_share">\n\
+    Header set Content-Disposition "attachment"\n\
+</Directory>\n' >> /usr/local/apache2/conf/httpd.conf
+
 EXPOSE 80