| author | 2025-06-18 22:20:17 +0200 | |
|---|---|---|
| committer | 2025-06-18 22:20:17 +0200 | |
| commit | a6948218fb1c66fe146c7651555e5a1f791c8112 (patch) | |
| tree | a878349b1d2808d2ed7318aa34df0546e534690e /p | |
| parent | aa45bcbe5a0a723c4b6adfb50139be0be6336d2b (diff) | |
frame-ancestors CSP (#7677)
Diffstat (limited to 'p')
| -rw-r--r-- | p/f.php | 2 | ||||
| -rw-r--r-- | p/themes/.htaccess | 2 |
2 files changed, 2 insertions, 2 deletions
@@ -48,7 +48,7 @@ if ($ico_mtime == false || $ico_mtime < $txt_mtime || ($ico_mtime < time() - (mt
 }
 }
-header("Content-Security-Policy: default-src 'none'; img-src 'self'; style-src 'self';");
+header("Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; img-src 'self'; style-src 'self';");
 if (!httpConditional($ico_mtime, mt_rand(14, 21) * 86400, 2)) {
 $ico_content_type = contentType($ico);
 header('Content-Type: ' . $ico_content_type);
diff --git a/p/themes/.htaccess b/p/themes/.htaccess
index b38c085e8..c095eee60 100644
--- a/p/themes/.htaccess
+++ b/p/themes/.htaccess
@@ -26,6 +26,6 @@
 <IfModule mod_headers.c>
 <FilesMatch "\.svg$">
- Header set Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'"
+ Header set Content-Security-Policy "default-src 'self'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'"
 </FilesMatch>
 </IfModule> |
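Review bot: The new `frame-ancestors 'none'` in the `header()` call has no comment explaining why it is spelled out next to `default-src 'none'`. frame-ancestors is not a fetch directive and does not inherit from default-src, so a later cleanup could drop it as redundant and silently re-allow framing of this response. A one-line comment above the call would guard against that: `// frame-ancestors has no default-src fallback; keep it explicit to forbid framing`. The surrounding script starts and ends outside this hunk.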
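Review bot: The framing restriction on theme SVGs only takes effect when mod_headers is loaded, because the `Header set` line sits inside `<IfModule mod_headers.c>`; without the module the files are served with no Content-Security-Policy at all and nothing signals it. The same presumably holds for deployments behind a web server that does not read .htaccess. This is worth documenting above the block, e.g. `# Requires mod_headers; other web servers must send the same Content-Security-Policy for *.svg themselves`.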
