Use CSP directive child-src in addition to frame-src

2016-08-05 20:50:48 -04:00 · 2016-08-05 20:50:48 -04:00 · a23e0947e7
commit a23e0947e7
parent 831552c396
1 changed files with 1 additions and 0 deletions
--- a/controllers/common.php
+++ b/controllers/common.php
@ -41,6 +41,7 @@ Router\before(function ($action) {
        'media-src' => '*',
        'img-src' => '* data:',
        'frame-src' => Model\Config\get_iframe_whitelist(),
+        'child-src' => Model\Config\get_iframe_whitelist(),
        'referrer' => 'no-referrer',
    ));