CSP allow iframes

E.g. for YouTube videos, etc. https://github.com/FreshRSS/FreshRSS/issues/1075
author: Alexandre Alapetite <alexandre@alapetite.fr> 2016-02-17 01:17:56 +0100
committer: Alexandre Alapetite <alexandre@alapetite.fr> 2016-02-17 01:17:56 +0100
commit: 8cdf44c87b7490ebc4cbdf4f2c50dd2a3bdd520d (patch)
tree: 793f85d94cf368385d1dc5a621fa9ae1660425a9
parent: e4a459a6edc40b64cba7845b52f3e90666b2818a (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index e0e82457c..8eb862aeb 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -168,7 +168,7 @@ class FreshRSS extends Minz_FrontController {
 	}
 
 	public static function preLayout() {
-		header("Content-Security-Policy: default-src 'self'; img-src * data:; media-src *; style-src 'self' 'unsafe-inline'");
+		header("Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *; style-src 'self' 'unsafe-inline'");
 		self::setJavascriptCookie();
 	}
author	Alexandre Alapetite <alexandre@alapetite.fr>	2016-02-17 01:17:56 +0100
committer	Alexandre Alapetite <alexandre@alapetite.fr>	2016-02-17 01:17:56 +0100
commit	8cdf44c87b7490ebc4cbdf4f2c50dd2a3bdd520d (patch)
tree	793f85d94cf368385d1dc5a621fa9ae1660425a9
parent	e4a459a6edc40b64cba7845b52f3e90666b2818a (diff)