[Feature] Allow HTML-only headers for SVG files #5281

Open
Seirdy opened this issue Aug 9, 2022 · 0 comments

Seirdy commented Aug 9, 2022

🚀 Feature request

Description

Requests for SVG files should be allowed to include HTML-only headers: CSP, X-XSS-Protection, etc.

Details

The SVG spec is really advanced, and allows a great deal of complex behavior (and vulnerabilities; see the Tor Browser's rationale for disabling SVG when increasing the security level). Headers like Content-Security-Policy can impact how the browser handles an SVG.

This feature could be considered a partial fix to #3403.
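
An added example, not part of the original issue and not the project's own code: one way a header check could treat SVG like HTML, so that document-level headers are reported only on responses the browser never renders as a document. The header list beyond the two named in the issue, the XHTML entry, and all function names are assumptions for illustration.

```javascript
// Hypothetical check; names and lists below are illustrative assumptions.
// Headers that only matter for responses the browser renders as a document.
// CSP and X-XSS-Protection are named in the issue; X-Frame-Options is an
// assumed addition.
const DOCUMENT_ONLY_HEADERS = [
  'content-security-policy',
  'x-xss-protection',
  'x-frame-options',
];

// Media types treated as documents. image/svg+xml is the change the issue
// asks for; application/xhtml+xml is an assumed companion entry.
const DOCUMENT_MEDIA_TYPES = new Set([
  'text/html',
  'application/xhtml+xml',
  'image/svg+xml',
]);

// Extract the bare media type: "Image/SVG+XML; charset=utf-8" -> "image/svg+xml".
function mediaType(contentType) {
  if (typeof contentType !== 'string') return '';
  return contentType.split(';')[0].trim().toLowerCase();
}

// Return the document-only headers that should be reported as unneeded for
// this response. Header names are matched case-insensitively, and a missing
// Content-Type is treated as "not a document".
function unneededHeaders(headers) {
  const lower = {};
  for (const [name, value] of Object.entries(headers)) {
    lower[name.toLowerCase()] = value;
  }
  if (DOCUMENT_MEDIA_TYPES.has(mediaType(lower['content-type']))) {
    return [];
  }
  return DOCUMENT_ONLY_HEADERS.filter((name) => name in lower);
}

// Constructed sample responses (not captured from a real server).
const svgResponse = {
  'Content-Type': 'image/svg+xml; charset=utf-8',
  'Content-Security-Policy': "default-src 'none'",
  'X-XSS-Protection': '0',
};
const pngResponse = { ...svgResponse, 'Content-Type': 'image/png' };

console.log('svg:', unneededHeaders(svgResponse));
console.log('png:', unneededHeaders(pngResponse));
```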
