From 8cdf44c87b7490ebc4cbdf4f2c50dd2a3bdd520d Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Wed, 17 Feb 2016 01:17:56 +0100
Subject: CSP allow iframes

E.g. for YouTube videos, etc.
https://github.com/FreshRSS/FreshRSS/issues/1075
---
 app/FreshRSS.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index e0e82457c..8eb862aeb 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -168,7 +168,7 @@ class FreshRSS extends Minz_FrontController {
 	}
 
 	public static function preLayout() {
-		header("Content-Security-Policy: default-src 'self'; img-src * data:; media-src *; style-src 'self' 'unsafe-inline'");
+		header("Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *; style-src 'self' 'unsafe-inline'");
 		self::setJavascriptCookie();
 	}
 
-- 
cgit v1.2.3