Merge pull request #24189 from nextcloud/enh/csp/frame-ancestors

Set frame-ancestors to none if none are filled
author: Roeland Jago Douma <rullzer@users.noreply.github.com> 2020-11-18 13:29:28 +0300
committer: GitHub <noreply@github.com> 2020-11-18 13:29:28 +0300
commit: 66013f906d1957bdc9de1851a0f7497fbc5bbfbf (patch)
tree: a744991b234c271f2e1a0c1ee0f8a9e9d02ebb6a /lib/public/AppFramework
parent: 884c80053aa693732bb685c717cdf133ed73f13d (diff)
parent: 9163790b7cc3c566c3d203205359da93e31bb133 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
index 6265bb04c5c..d4c3a022c13 100644
--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
@@ -509,6 +509,8 @@ class EmptyContentSecurityPolicy {
 		if (!empty($this->allowedFrameAncestors)) {
 			$policy .= 'frame-ancestors ' . implode(' ', $this->allowedFrameAncestors);
 			$policy .= ';';
+		} else {
+			$policy .= 'frame-ancestors \'none\';';
 		}
 
 		if (!empty($this->allowedWorkerSrcDomains)) {
author	Roeland Jago Douma <rullzer@users.noreply.github.com>	2020-11-18 13:29:28 +0300
committer	GitHub <noreply@github.com>	2020-11-18 13:29:28 +0300
commit	66013f906d1957bdc9de1851a0f7497fbc5bbfbf (patch)
tree	a744991b234c271f2e1a0c1ee0f8a9e9d02ebb6a /lib/public/AppFramework
parent	884c80053aa693732bb685c717cdf133ed73f13d (diff)
parent	9163790b7cc3c566c3d203205359da93e31bb133 (diff)