🐛(back) allow only images to be used with the cors-proxy

The cors-proxy endpoint allowed to use every type of files and to execute it in the browser. We limit the scope only to images and Content-Security-Policy and Content-Disposition headers are also added to not allow script execution that can be present in a SVG file.
2025-03-20 11:04:02 +01:00
parent 3a6105cc7e
commit 313acf4f78
3 changed files with 54 additions and 7 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,8 +8,14 @@ and this project adheres to

 ## [Unreleased]

+## Added
+
 - 📝(doc) add publiccode.yml

+## Fixed
+
+- 🐛(back) allow only images to be used with the cors-proxy #781
+
 ## [2.5.0] - 2025-03-18

 ## Added