Allow iframes to external domains

author: Lukas Reschke <lukas@statuscode.ch> 2013-01-22 00:30:09 +0100
committer: Lukas Reschke <lukas@statuscode.ch> 2013-01-22 00:30:09 +0100
commit: 3ffbaf4795b9ccead2551a3310fcf27b33157bee (patch)
tree: f788f09362d698f89f3d25479f7741034a3678e7 /lib/template.php
parent: 82231175695266c661847573e66b90a6ed481bbd (diff)
download: nextcloud-server-3ffbaf4795b9ccead2551a3310fcf27b33157bee.tar.gz
nextcloud-server-3ffbaf4795b9ccead2551a3310fcf27b33157bee.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/template.php b/lib/template.php
index 74d14c563b9..0780a81e7d1 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -189,8 +189,8 @@ class OC_Template{
 		header('X-Frame-Options: Sameorigin'); // Disallow iFraming from other domains
 		header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters
 		header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE
-		header('Content-Security-Policy: default-src \'self\'; style-src \'self\' \'unsafe-inline\'');
-		header('X-WebKit-CSP: default-src \'self\'; style-src \'self\' \'unsafe-inline\'');
+		header('Content-Security-Policy: default-src \'self\'; style-src \'self\' \'unsafe-inline\'; frame-src *');
+		header('X-WebKit-CSP: default-src \'self\'; style-src \'self\' \'unsafe-inline\'; frame-src *');
 
 		$this->findTemplate($name);
 	}
author	Lukas Reschke <lukas@statuscode.ch>	2013-01-22 00:30:09 +0100
committer	Lukas Reschke <lukas@statuscode.ch>	2013-01-22 00:30:09 +0100
commit	3ffbaf4795b9ccead2551a3310fcf27b33157bee (patch)
tree	f788f09362d698f89f3d25479f7741034a3678e7 /lib/template.php
parent	82231175695266c661847573e66b90a6ed481bbd (diff)
download	nextcloud-server-3ffbaf4795b9ccead2551a3310fcf27b33157bee.tar.gz nextcloud-server-3ffbaf4795b9ccead2551a3310fcf27b33157bee.zip