jan/miniflux-legacy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use CSP directive child-src in addition to frame-src

Browse Source
This commit is contained in:
Frederic Guillot 2016-08-05 20:50:48 -04:00
parent 831552c396
commit a23e0947e7
No known key found for this signature in database
GPG Key ID: 92D77191BA7FBC99
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
controllers/common.php
View File

@ -41,6 +41,7 @@ Router\before(function ($action) {
'media-src' => '*', 'media-src' => '*',
'img-src' => '* data:', 'img-src' => '* data:',
'frame-src' => Model\Config\get_iframe_whitelist(), 'frame-src' => Model\Config\get_iframe_whitelist(),
'child-src' => Model\Config\get_iframe_whitelist(),
'referrer' => 'no-referrer', 'referrer' => 'no-referrer',
)); ));