diff options
| author | Roeland Jago Douma <roeland@famdouma.nl> | 2020-11-17 16:19:03 +0100 |
|---|---|---|
| committer | Roeland Jago Douma <roeland@famdouma.nl> | 2020-11-18 10:13:36 +0100 |
| commit | 9163790b7cc3c566c3d203205359da93e31bb133 (patch) | |
| tree | ebf5bb38a9051950a59658cd40ec2c9801821675 /tests/lib/AppFramework/Http/DataResponseTest.php | |
| parent | 5acabcf5cbcb1db92fd9661bc1ed5735ae316323 (diff) | |
| download | nextcloud-server-9163790b7cc3c566c3d203205359da93e31bb133.tar.gz nextcloud-server-9163790b7cc3c566c3d203205359da93e31bb133.zip | |
Set frame-ancestors to none if none are filled
frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'tests/lib/AppFramework/Http/DataResponseTest.php')
| -rw-r--r-- | tests/lib/AppFramework/Http/DataResponseTest.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/lib/AppFramework/Http/DataResponseTest.php b/tests/lib/AppFramework/Http/DataResponseTest.php index a02cee67d31..889372775d6 100644 --- a/tests/lib/AppFramework/Http/DataResponseTest.php +++ b/tests/lib/AppFramework/Http/DataResponseTest.php @@ -65,7 +65,7 @@ class DataResponseTest extends \Test\TestCase { $expectedHeaders = [ 'Cache-Control' => 'no-cache, no-store, must-revalidate', - 'Content-Security-Policy' => "default-src 'none';base-uri 'none';manifest-src 'self'", + 'Content-Security-Policy' => "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'", 'Feature-Policy' => "autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'", 'X-Robots-Tag' => 'none', ]; |