From bc3e4c8fa4bae9591166e12caa3fb6bf73893102 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sun, 21 Sep 2025 13:29:58 +0200
Subject: Add option for CSP frame-ancestors (#7857)

* Add option for CSP frame-ancestors
https://github.com/FreshRSS/FreshRSS/discussions/7856

* Revert contentSelectorPreviewAction

* Same for f.php and api

* Fix double init in f.php

* No sandbox for API page
---
 config.default.php | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'config.default.php')

diff --git a/config.default.php b/config.default.php
index 91eca5597..89b2cfd25 100644
--- a/config.default.php
+++ b/config.default.php
@@ -88,6 +88,9 @@ return [
 	#	For more information see: https://freshrss.github.io/FreshRSS/en/admins/10_ServerConfig.html#security
 	'suppress_csp_warning' => false,
 
+	# Content-Security-Policy frame-ancestors
+	'csp.frame-ancestors' => "'none'",
+
 	# Enable or not the use of syslog to log the activity of
 	#	SimplePie, which is retrieving RSS feeds via HTTP requests.
 	'simplepie_syslog_enabled' => true,
-- 
cgit v1.2.3