Merge branch 'CSP-no-inline' into dev

author: Alexandre Alapetite <alexandre@alapetite.fr> 2016-02-17 01:18:23 +0100
committer: Alexandre Alapetite <alexandre@alapetite.fr> 2016-02-17 01:18:23 +0100
commit: e0fe98d74f2fbd17be699cdd682a3796dfefe39e (patch)
tree: dd38a3d5e4509f9ea46298902febfe3073a26360 /app
parent: 567a0cea80d4493031ed5b6ffee9e57cf8f5a830 (diff)
parent: 8cdf44c87b7490ebc4cbdf4f2c50dd2a3bdd520d (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index e0e82457c..8eb862aeb 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -168,7 +168,7 @@ class FreshRSS extends Minz_FrontController {
 	}
 
 	public static function preLayout() {
-		header("Content-Security-Policy: default-src 'self'; img-src * data:; media-src *; style-src 'self' 'unsafe-inline'");
+		header("Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *; style-src 'self' 'unsafe-inline'");
 		self::setJavascriptCookie();
 	}
author	Alexandre Alapetite <alexandre@alapetite.fr>	2016-02-17 01:18:23 +0100
committer	Alexandre Alapetite <alexandre@alapetite.fr>	2016-02-17 01:18:23 +0100
commit	e0fe98d74f2fbd17be699cdd682a3796dfefe39e (patch)
tree	dd38a3d5e4509f9ea46298902febfe3073a26360 /app
parent	567a0cea80d4493031ed5b6ffee9e57cf8f5a830 (diff)
parent	8cdf44c87b7490ebc4cbdf4f2c50dd2a3bdd520d (diff)