CSP compatibility with Firefox older than 45

https://github.com/FreshRSS/FreshRSS/pull/1075 https://github.com/FreshRSS/FreshRSS/pull/1078 https://developer.mozilla.org/en-US/Firefox/Releases/45#Security https://bugzilla.mozilla.org/show_bug.cgi?id=1045891
author: Alexandre Alapetite <alexandre@alapetite.fr> 2016-03-01 21:56:19 +0100
committer: Alexandre Alapetite <alexandre@alapetite.fr> 2016-03-01 21:56:19 +0100
commit: cbac2afd23daaeeb3b5d6c81fdcd5c28619f5b1d (patch)
tree: 2a32b497e438291604663ee1b9e5b92f35bc815c /app/FreshRSS.php
parent: ee69a24a2dbe254f02357e082a1987ae401e1946 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index bfbd7a6eb..d6f4f4062 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -113,7 +113,7 @@ class FreshRSS extends Minz_FrontController {
 	public static function preLayout() {
 		switch (Minz_Request::controllerName()) {
 			case 'index':
-				header("Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *");
+				header("Content-Security-Policy: default-src 'self'; child-src *; frame-src *; img-src * data:; media-src *");
 				break;
 			case 'stats':
 				header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'");
author	Alexandre Alapetite <alexandre@alapetite.fr>	2016-03-01 21:56:19 +0100
committer	Alexandre Alapetite <alexandre@alapetite.fr>	2016-03-01 21:56:19 +0100
commit	cbac2afd23daaeeb3b5d6c81fdcd5c28619f5b1d (patch)
tree	2a32b497e438291604663ee1b9e5b92f35bc815c /app/FreshRSS.php
parent	ee69a24a2dbe254f02357e082a1987ae401e1946 (diff)