From 9d1a12b0d1812214f1fe6fa56e3848091ce4945c Mon Sep 17 00:00:00 2001
From: Elias Schneider
Date: Fri, 5 Apr 2024 11:37:47 +0200
Subject: [PATCH] fix: disable js execution on raw file view
---
 backend/src/file/file.controller.ts | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/backend/src/file/file.controller.ts b/backend/src/file/file.controller.ts
index c11b70c2..4ec6cd1e 100644
--- a/backend/src/file/file.controller.ts
+++ b/backend/src/file/file.controller.ts
@@ -26,7 +26,13 @@ export class FileController {
 @SkipThrottle()
 @UseGuards(CreateShareGuard, ShareOwnerGuard)
 async create(
- @Query() query: any,
+ @Query()
+ query: {
+ id: string;
+ name: string;
+ chunkIndex: string;
+ totalChunks: string;
+ },
 @Body() body: string,
 @Param("shareId") shareId: string,
 ) {
@@ -69,6 +75,7 @@ export class FileController {
 const headers = {
 "Content-Type": file.metaData.mimeType,
 "Content-Length": file.metaData.size,
+ "Content-Security-Policy": "script-src 'none'",
 };

 if (download === "true") {
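Review bot: The inline object type on the `@Query()` parameter of `create` is erased at compile time, so `id`, `name`, `chunkIndex` and `totalChunks` still arrive as whatever the client sent, including missing keys or non-string values when a key is repeated. If the application runs a `ValidationPipe`, a DTO class with `@IsString()` on `id` and `name` and `@IsNumberString()` on the two chunk fields would enforce the shape at runtime; an inline type literal gives the pipe nothing to validate against. At minimum, a comment above the parameter such as `// client-controlled input: this type is not enforced at runtime` would keep the annotation from reading as a guarantee. The body of `create` lies outside the hunk, so how these values are parsed and used cannot be checked from here.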
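Review bot: `script-src 'none'` in the new `Content-Security-Policy` entry of `headers` stops script execution, but an uploaded HTML or SVG file is still rendered as an active document on the application's origin, with forms, styles and embedded frames intact. Because `Content-Type` is taken from `file.metaData.mimeType`, which presumably derives from the upload, a tighter pair would be `"Content-Security-Policy": "sandbox; default-src 'none'"` and `"X-Content-Type-Options": "nosniff"`. Check that in-browser PDF and media preview still work afterwards, since `sandbox` can interfere with built-in viewers. The enclosing method starts and ends outside the hunk, so the `download === "true"` branch is not visible here.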