diff options
| author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2019-01-09 14:27:47 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-01-09 14:27:47 +0100 |
| commit | 1fd6741182f3f39458612fbf9b3e381eb7d2f62f (patch) | |
| tree | 02af560b294474580569b274cefdc4e9f5739018 /lib | |
| parent | b8bb1d491f79c97addf800730122a1702762f046 (diff) | |
| parent | ad676c010257f9f3cf5e09f10d09f4ff11350e44 (diff) | |
| download | nextcloud-server-1fd6741182f3f39458612fbf9b3e381eb7d2f62f.tar.gz nextcloud-server-1fd6741182f3f39458612fbf9b3e381eb7d2f62f.zip | |
Merge pull request #13420 from nextcloud/enh/13042/default-frame-anchestor-set
Set default frame-ancestors to 'self'
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/public/AppFramework/Http/ContentSecurityPolicy.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/public/AppFramework/Http/ContentSecurityPolicy.php b/lib/public/AppFramework/Http/ContentSecurityPolicy.php index 68aa4b5ddb4..c12fbc7561e 100644 --- a/lib/public/AppFramework/Http/ContentSecurityPolicy.php +++ b/lib/public/AppFramework/Http/ContentSecurityPolicy.php @@ -86,7 +86,9 @@ class ContentSecurityPolicy extends EmptyContentSecurityPolicy { protected $allowedChildSrcDomains = []; /** @var array Domains which can embed this Nextcloud instance */ - protected $allowedFrameAncestors = []; + protected $allowedFrameAncestors = [ + '\'self\'', + ]; /** @var array Domains from which web-workers can be loaded */ protected $allowedWorkerSrcDomains = []; |