diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2025-09-21 13:29:58 +0200 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2025-09-21 13:29:58 +0200 |
| commit | bc3e4c8fa4bae9591166e12caa3fb6bf73893102 (patch) | |
| tree | ee38afd776e08461ba22bdbc10fe4c17d5bff172 /lib/lib_rss.php | |
| parent | f1cf57b5b713527b4521c4552b5f1ac023ee3adc (diff) | |
Add option for CSP frame-ancestors (#7857)
* Add option for CSP frame-ancestors
https://github.com/FreshRSS/FreshRSS/discussions/7856
* Revert contentSelectorPreviewAction
* Same for f.php and api
* Fix double init in f.php
* No sandbox for API page
Diffstat (limited to 'lib/lib_rss.php')
| -rw-r--r-- | lib/lib_rss.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/lib_rss.php b/lib/lib_rss.php index 532a9902a..0e916616d 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -1100,7 +1100,8 @@ function errorMessageInfo(string $errorTitle, string $error = ''): string { $details = "<pre>{$details}</pre>"; } - header("Content-Security-Policy: default-src 'self'; frame-ancestors 'none'"); + header("Content-Security-Policy: default-src 'self'; frame-ancestors " . + (FreshRSS_Context::systemConf()->attributeString('csp.frame-ancestors') ?? "'none'")); header('Referrer-Policy: same-origin'); return <<<MSG |