Show warning when unsafe CSP policy is in use (#7804)

* Show warning when unsafe CSP policy is in use * Fix bare markdown URL * i18n: fr * Minor i18n: fr * Add target="_blank" to i18n strings --------- Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
author: Inverle <inverle@proton.me> 2025-08-09 21:47:39 +0200
committer: GitHub <noreply@github.com> 2025-08-09 21:47:39 +0200
commit: 2b85a50ed72982ab0c0f9ef98c7ed1e15f21bf5f (patch)
tree: 7bb8412d5b14142a384e0da8cb6255802935d053 /app/FreshRSS.php
parent: 1030973d903c746d4fb10b863c7b9aebb5c448e1 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index 06557dbe1..bff9f1b18 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -34,6 +34,7 @@ class FreshRSS extends Minz_FrontController {
 			// Relax Content Security Policy to allow external images if a custom logo HTML is used
 			Minz_ActionController::_defaultCsp([
 				'default-src' => "'self'",
+				'frame-ancestors' => "'none'",
 				'img-src' => '* data:',
 			]);
 		}
author	Inverle <inverle@proton.me>	2025-08-09 21:47:39 +0200
committer	GitHub <noreply@github.com>	2025-08-09 21:47:39 +0200
commit	2b85a50ed72982ab0c0f9ef98c7ed1e15f21bf5f (patch)
tree	7bb8412d5b14142a384e0da8cb6255802935d053 /app/FreshRSS.php
parent	1030973d903c746d4fb10b863c7b9aebb5c448e1 (diff)