From 9163790b7cc3c566c3d203205359da93e31bb133 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Tue, 17 Nov 2020 16:19:03 +0100
Subject: Set frame-ancestors to none if none are filled

frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---
 tests/lib/AppFramework/Http/DataResponseTest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'tests/lib/AppFramework/Http/DataResponseTest.php')

diff --git a/tests/lib/AppFramework/Http/DataResponseTest.php b/tests/lib/AppFramework/Http/DataResponseTest.php
index a02cee67d31..889372775d6 100644
--- a/tests/lib/AppFramework/Http/DataResponseTest.php
+++ b/tests/lib/AppFramework/Http/DataResponseTest.php
@@ -65,7 +65,7 @@ class DataResponseTest extends \Test\TestCase {
 
 		$expectedHeaders = [
 			'Cache-Control' => 'no-cache, no-store, must-revalidate',
-			'Content-Security-Policy' => "default-src 'none';base-uri 'none';manifest-src 'self'",
+			'Content-Security-Policy' => "default-src 'none';base-uri 'none';manifest-src 'self';frame-ancestors 'none'",
 			'Feature-Policy' => "autoplay 'none';camera 'none';fullscreen 'none';geolocation 'none';microphone 'none';payment 'none'",
 			'X-Robots-Tag' => 'none',
 		];
-- 
cgit v1.2.3