From 2b85a50ed72982ab0c0f9ef98c7ed1e15f21bf5f Mon Sep 17 00:00:00 2001
From: Inverle
Date: Sat, 9 Aug 2025 21:47:39 +0200
Subject: Show warning when unsafe CSP policy is in use (#7804)
* Show warning when unsafe CSP policy is in use
* Fix bare markdown URL
* i18n: fr
* Minor i18n: fr
* Add target="_blank" to i18n strings
---------
Co-authored-by: Alexandre Alapetite
---
 app/FreshRSS.php | 1 +
 1 file changed, 1 insertion(+)
(limited to 'app/FreshRSS.php')
diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index 06557dbe1..bff9f1b18 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -34,6 +34,7 @@ class FreshRSS extends Minz_FrontController {
 // Relax Content Security Policy to allow external images if a custom logo HTML is used
 Minz_ActionController::_defaultCsp([
 'default-src' => "'self'",
+ 'frame-ancestors' => "'none'",
 'img-src' => '* data:',
 ]);
 }
-- cgit v1.2.3
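Review bot: The added `'frame-ancestors' => "'none'"` entry has no comment explaining why it has to be repeated in this relaxed policy, and that is the detail most likely to be dropped again in a later edit. `frame-ancestors` does not inherit from `default-src`, so if `_defaultCsp()` replaces the policy array rather than merging it (its body is not visible here), any override that omits the directive leaves the pages framable by other origins. I would put `// frame-ancestors has no default-src fallback: restate it in every CSP override (clickjacking protection)` above the new line. The view is limited to app/FreshRSS.php and the enclosing method starts and ends outside the hunk, so other callers that pass their own CSP array should be checked for the same omission.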