Just to be clear, if you run a pleroma server, it’s a very good idea to add this to your nginx config immediately:

location ~ ^/(media|proxy) {

add_header Content-Security-Policy "sandbox;";

Most people will already not be vulnerable to this for a variety of reasons, but this will absolutely stop it.