From 7e545533cf79e2b97c9ad9b3aac5527aa8a79f00 Mon Sep 17 00:00:00 2001
From: Steven <stevenlgtm@gmail.com>
Date: Tue, 7 Nov 2023 07:24:41 +0800
Subject: [PATCH] chore: update resource cache control

---
 api/resource/resource.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/api/resource/resource.go b/api/resource/resource.go
index 892ea7a7..c6e6beec 100644
--- a/api/resource/resource.go
+++ b/api/resource/resource.go
@@ -106,8 +106,9 @@ func (s *Service) streamResource(c echo.Context) error {
 		}
 	}
 
-	c.Response().Writer.Header().Set(echo.HeaderCacheControl, "max-age=31536000, immutable")
-	c.Response().Writer.Header().Set(echo.HeaderContentSecurityPolicy, "default-src 'self'")
+	c.Response().Writer.Header().Set(echo.HeaderCacheControl, "max-age=3600")
+	c.Response().Writer.Header().Set(echo.HeaderContentSecurityPolicy, "default-src 'none'; script-src 'none'; img-src 'self'; media-src 'self'; sandbox;")
+	c.Response().Writer.Header().Set("Content-Disposition", fmt.Sprintf(`filename="%s"`, resource.Filename))
 	resourceType := strings.ToLower(resource.Type)
 	if strings.HasPrefix(resourceType, "text") {
 		resourceType = echo.MIMETextPlainCharsetUTF8
@@ -115,7 +116,6 @@ func (s *Service) streamResource(c echo.Context) error {
 		http.ServeContent(c.Response(), c.Request(), resource.Filename, time.Unix(resource.UpdatedTs, 0), bytes.NewReader(blob))
 		return nil
 	}
-	c.Response().Writer.Header().Set("Content-Disposition", fmt.Sprintf(`filename="%s"`, resource.Filename))
 	return c.Stream(http.StatusOK, resourceType, bytes.NewReader(blob))
 }