diff options
| author | Roeland Jago Douma <roeland@famdouma.nl> | 2019-01-08 11:33:34 +0300 |
|---|---|---|
| committer | Roeland Jago Douma <roeland@famdouma.nl> | 2019-01-08 17:36:40 +0300 |
| commit | ad676c010257f9f3cf5e09f10d09f4ff11350e44 (patch) | |
| tree | 4ac930ed1750d924c1f8502a1bd87c5642c69b28 /lib/public/AppFramework | |
| parent | 68b478ea869fb953af6901bbb888a6f0c34f77c5 (diff) | |
Set default frame-ancestors to 'self'
For #13042
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/public/AppFramework')
| -rw-r--r-- | lib/public/AppFramework/Http/ContentSecurityPolicy.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/public/AppFramework/Http/ContentSecurityPolicy.php b/lib/public/AppFramework/Http/ContentSecurityPolicy.php index 68aa4b5ddb4..c12fbc7561e 100644 --- a/lib/public/AppFramework/Http/ContentSecurityPolicy.php +++ b/lib/public/AppFramework/Http/ContentSecurityPolicy.php @@ -86,7 +86,9 @@ class ContentSecurityPolicy extends EmptyContentSecurityPolicy { protected $allowedChildSrcDomains = []; /** @var array Domains which can embed this Nextcloud instance */ - protected $allowedFrameAncestors = []; + protected $allowedFrameAncestors = [ + '\'self\'', + ]; /** @var array Domains from which web-workers can be loaded */ protected $allowedWorkerSrcDomains = []; |