From 45a0535640fb066e28fdc7b31bd945dcef53e9ea Mon Sep 17 00:00:00 2001
From: El RIDO <elrido@gmx.net>
Date: Thu, 11 Jun 2020 18:29:32 +0200
Subject: [PATCH] adding new flag to sandbox policy, introduced and required by
 Chrome 83 - fixes #634

---
 cfg/conf.sample.php   | 2 +-
 lib/Configuration.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/cfg/conf.sample.php b/cfg/conf.sample.php
index 863974a2..e2ba01a1 100644
--- a/cfg/conf.sample.php
+++ b/cfg/conf.sample.php
@@ -79,7 +79,7 @@ languageselection = false
 ;   async functions and display an error if not and for Chrome to enable
 ;   webassembly support (used for zlib compression). You can remove it if Chrome
 ;   doesn't need to be supported and old browsers don't need to be warned.
-; cspheader = "default-src 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval' resource:; style-src 'self'; font-src 'self'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals"
+; cspheader = "default-src 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval' resource:; style-src 'self'; font-src 'self'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
 
 ; stay compatible with PrivateBin Alpha 0.19, less secure
 ; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of
diff --git a/lib/Configuration.php b/lib/Configuration.php
index 4df121f4..89db37ae 100644
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@@ -53,7 +53,7 @@ class Configuration
             'urlshortener'             => '',
             'qrcode'                   => true,
             'icon'                     => 'identicon',
-            'cspheader'                => 'default-src \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\' resource:; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals',
+            'cspheader'                => 'default-src \'none\'; manifest-src \'self\'; connect-src * blob:; script-src \'self\' \'unsafe-eval\' resource:; style-src \'self\'; font-src \'self\'; img-src \'self\' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads',
             'zerobincompatibility'     => false,
             'httpwarning'              => true,
             'compression'              => 'zlib',