Add "Content-Security-Policy: frame-ancestors 'self'" to view headers…

… (CO-2705) (#65)
COmanage · Dec 20, 2024 · 1a96837 · 1a96837
1 parent 4db9fd8
commit 1a96837
Showing 2 changed files with 3 additions and 0 deletions.
diff --git a/app/templates/layout/default.php b/app/templates/layout/default.php
@@ -31,6 +31,7 @@
 header("Expires: Thursday, 10-Jan-69 00:00:00 GMT");
 header("Cache-Control: no-store, no-cache, max-age=0, must-revalidate");
 header("Pragma: no-cache");
+header("Content-Security-Policy: frame-ancestors 'self'");
 
 // Add X-UA-Compatible header for IE
 if(isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false)) {

diff --git a/app/templates/layout/error.php b/app/templates/layout/error.php
@@ -12,6 +12,8 @@
  * @since         0.10.0
  * @license       https://opensource.org/licenses/mit-license.php MIT License
  */
+
+  header("Content-Security-Policy: frame-ancestors 'self'");
 ?>
 <!DOCTYPE html>
 <html>