CSP compatibility with Firefox older than 45

https://github.com/FreshRSS/FreshRSS/pull/1075 https://github.com/FreshRSS/FreshRSS/pull/1078 https://developer.mozilla.org/en-US/Firefox/Releases/45#Security https://bugzilla.mozilla.org/show_bug.cgi?id=1045891
author: Alexandre Alapetite <alexandre@alapetite.fr> 2016-03-01 21:56:19 +0100
committer: Alexandre Alapetite <alexandre@alapetite.fr> 2016-03-01 21:56:19 +0100
commit: cbac2afd23daaeeb3b5d6c81fdcd5c28619f5b1d (patch)
tree: 2a32b497e438291604663ee1b9e5b92f35bc815c /CHANGELOG.md
parent: ee69a24a2dbe254f02357e082a1987ae401e1946 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 096c930d1..43823b536 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,7 +3,7 @@
 ## 2016-03-xx FreshRSS 1.3.1-beta
 
 * Security
-	* Added CSP `Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *` [#1075](https://github.com/FreshRSS/FreshRSS/pull/1075)
+	* Added CSP `Content-Security-Policy: default-src 'self'; child-src *; frame-src *; img-src * data:; media-src *` [#1075](https://github.com/FreshRSS/FreshRSS/pull/1075)
 * Features
 	* New list of domains for which to force HTTPS (for images, videos, iframes…) defined in `./data/force-https.default.txt` and `./data/force-https.txt` [#1083](https://github.com/FreshRSS/FreshRSS/issues/1083)
 		* In particular useful for privacy and to avoid mixed content errors, e.g. to see YouTube videos when FreshRSS is in HTTPS
author	Alexandre Alapetite <alexandre@alapetite.fr>	2016-03-01 21:56:19 +0100
committer	Alexandre Alapetite <alexandre@alapetite.fr>	2016-03-01 21:56:19 +0100
commit	cbac2afd23daaeeb3b5d6c81fdcd5c28619f5b1d (patch)
tree	2a32b497e438291604663ee1b9e5b92f35bc815c /CHANGELOG.md
parent	ee69a24a2dbe254f02357e082a1987ae401e1946 (diff)