Set default frame-ancestors to 'self'

For #13042 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
author: Roeland Jago Douma <roeland@famdouma.nl> 2019-01-08 09:33:34 +0100
committer: Roeland Jago Douma <roeland@famdouma.nl> 2019-01-08 15:36:40 +0100
commit: ad676c010257f9f3cf5e09f10d09f4ff11350e44 (patch)
tree: 4ac930ed1750d924c1f8502a1bd87c5642c69b28 /lib
parent: 68b478ea869fb953af6901bbb888a6f0c34f77c5 (diff)
download: nextcloud-server-ad676c010257f9f3cf5e09f10d09f4ff11350e44.tar.gz
nextcloud-server-ad676c010257f9f3cf5e09f10d09f4ff11350e44.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/public/AppFramework/Http/ContentSecurityPolicy.php b/lib/public/AppFramework/Http/ContentSecurityPolicy.php
index 68aa4b5ddb4..c12fbc7561e 100644
--- a/lib/public/AppFramework/Http/ContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/ContentSecurityPolicy.php
@@ -86,7 +86,9 @@ class ContentSecurityPolicy extends EmptyContentSecurityPolicy {
 	protected $allowedChildSrcDomains = [];
 
 	/** @var array Domains which can embed this Nextcloud instance */
-	protected $allowedFrameAncestors = [];
+	protected $allowedFrameAncestors = [
+		'\'self\'',
+	];
 
 	/** @var array Domains from which web-workers can be loaded */
 	protected $allowedWorkerSrcDomains = [];
author	Roeland Jago Douma <roeland@famdouma.nl>	2019-01-08 09:33:34 +0100
committer	Roeland Jago Douma <roeland@famdouma.nl>	2019-01-08 15:36:40 +0100
commit	ad676c010257f9f3cf5e09f10d09f4ff11350e44 (patch)
tree	4ac930ed1750d924c1f8502a1bd87c5642c69b28 /lib
parent	68b478ea869fb953af6901bbb888a6f0c34f77c5 (diff)
download	nextcloud-server-ad676c010257f9f3cf5e09f10d09f4ff11350e44.tar.gz nextcloud-server-ad676c010257f9f3cf5e09f10d09f4ff11350e44.zip