From cbac2afd23daaeeb3b5d6c81fdcd5c28619f5b1d Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Tue, 1 Mar 2016 21:56:19 +0100
Subject: CSP compatibility with Firefox older than 45

https://github.com/FreshRSS/FreshRSS/pull/1075
https://github.com/FreshRSS/FreshRSS/pull/1078
https://developer.mozilla.org/en-US/Firefox/Releases/45#Security
https://bugzilla.mozilla.org/show_bug.cgi?id=1045891
---
 app/FreshRSS.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app')

diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index bfbd7a6eb..d6f4f4062 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -113,7 +113,7 @@ class FreshRSS extends Minz_FrontController {
 	public static function preLayout() {
 		switch (Minz_Request::controllerName()) {
 			case 'index':
-				header("Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *");
+				header("Content-Security-Policy: default-src 'self'; child-src *; frame-src *; img-src * data:; media-src *");
 				break;
 			case 'stats':
 				header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'");
-- 
cgit v1.2.3