diff options
| author | Roeland Jago Douma <roeland@famdouma.nl> | 2020-11-17 18:19:03 +0300 |
|---|---|---|
| committer | Roeland Jago Douma <roeland@famdouma.nl> | 2020-11-18 12:13:36 +0300 |
| commit | 9163790b7cc3c566c3d203205359da93e31bb133 (patch) | |
| tree | ebf5bb38a9051950a59658cd40ec2c9801821675 /lib/public/AppFramework | |
| parent | 5acabcf5cbcb1db92fd9661bc1ed5735ae316323 (diff) | |
Set frame-ancestors to none if none are filled
frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/public/AppFramework')
| -rw-r--r-- | lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php index 6265bb04c5c..d4c3a022c13 100644 --- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php +++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php @@ -509,6 +509,8 @@ class EmptyContentSecurityPolicy { if (!empty($this->allowedFrameAncestors)) { $policy .= 'frame-ancestors ' . implode(' ', $this->allowedFrameAncestors); $policy .= ';'; + } else { + $policy .= 'frame-ancestors \'none\';'; } if (!empty($this->allowedWorkerSrcDomains)) { |