Merge pull request #2250 from Alkarex/CSP_child-src

Remove deprecated CSP child-src
author: Alexandre Alapetite <alexandre@alapetite.fr> 2019-02-13 22:53:33 +0100
committer: GitHub <noreply@github.com> 2019-02-13 22:53:33 +0100
commit: 30e542a7b5a9da2f390b13027ce70effc3bb8c58 (patch)
tree: 25f32d9e2ed84f3ea32c3127c1c857e6a54e2b68 /app
parent: 75a802f623672dab0179d64a0e84d63d212bcd93 (diff)
parent: 75356c64a2b13a89497bd8125c1bfe79293084f9 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index 9371081e4..1dc80718e 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -117,7 +117,7 @@ class FreshRSS extends Minz_FrontController {
 					}
 				}, FreshRSS_Context::$user_conf->sharing));
 				$connectSrc = count($urlToAuthorize) ? sprintf("; connect-src 'self' %s", implode(' ', $urlToAuthorize)) : '';
-				header(sprintf("Content-Security-Policy: default-src 'self'; child-src *; frame-src *; img-src * data:; media-src *%s", $connectSrc));
+				header(sprintf("Content-Security-Policy: default-src 'self'; frame-src *; img-src * data:; media-src *%s", $connectSrc));
 				break;
 			case 'stats':
 				header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'");
author	Alexandre Alapetite <alexandre@alapetite.fr>	2019-02-13 22:53:33 +0100
committer	GitHub <noreply@github.com>	2019-02-13 22:53:33 +0100
commit	30e542a7b5a9da2f390b13027ce70effc3bb8c58 (patch)
tree	25f32d9e2ed84f3ea32c3127c1c857e6a54e2b68 /app
parent	75a802f623672dab0179d64a0e84d63d212bcd93 (diff)
parent	75356c64a2b13a89497bd8125c1bfe79293084f9 (diff)