author | Roeland Jago Douma <roeland@famdouma.nl> | 2020-11-17 16:19:03 +0100 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2020-11-18 10:13:36 +0100 |
commit | 9163790b7cc3c566c3d203205359da93e31bb133 (patch) | |
tree | ebf5bb38a9051950a59658cd40ec2c9801821675 /tests/lib/AppFramework/Http/ResponseTest.php | |
parent | 5acabcf5cbcb1db92fd9661bc1ed5735ae316323 (diff) | |
Set frame-ancestors to none if none are filled
frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'tests/lib/AppFramework/Http/ResponseTest.php')
-rw-r--r-- | tests/lib/AppFramework/Http/ResponseTest.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/lib/AppFramework/Http/ResponseTest.php b/tests/lib/AppFramework/Http/ResponseTest.php
index 7a064908869..0ef128433cd 100644
--- a/tests/lib/AppFramework/Http/ResponseTest.php
+++ b/tests/lib/AppFramework/Http/ResponseTest.php
@@ -57,7 +57,7 @@ class ResponseTest extends \Test\TestCase {
 $this->childResponse->setHeaders($expected);
 $headers = $this->childResponse->getHeaders();
- $expected['Content-Security-Policy'] = "default-src 'none';base-uri 'none';manifest-src 'self'";
+ $expected['Content-Security-Policy'] = "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'";
 $expected['Feature-Policy'] = "autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'";
 $this->assertEquals($expected, $headers); |
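Review bot: The updated `Content-Security-Policy` expectation pins `frame-ancestors 'none'` without recording why it has to be there, so a later cleanup could drop it as redundant with `default-src 'none'`. A one-line comment above that assignment would carry the reason from the commit message, e.g. `// frame-ancestors does not fall back to default-src, so the strict default policy must set it explicitly`. This page is limited to ResponseTest.php, so it is not visible whether another test covers a policy with an allowed frame ancestor, where `'none'` must not be emitted next to the allowed source; if none does, that case is worth pinning as well. The enclosing test method starts and ends outside the hunk.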