From 1a96837e9b38e697a86898359d4db4678de75010 Mon Sep 17 00:00:00 2001
From: Arlen Johnson
Date: Fri, 20 Dec 2024 10:34:28 -0500
Subject: [PATCH] Add "Content-Security-Policy: frame-ancestors 'self'" to view headers (CO-2705) (#65)
---
 app/templates/layout/default.php | 1 +
 app/templates/layout/error.php | 2 ++
 2 files changed, 3 insertions(+)
diff --git a/app/templates/layout/default.php b/app/templates/layout/default.php
index 8a8628603..1097c650b 100644
--- a/app/templates/layout/default.php
+++ b/app/templates/layout/default.php
@@ -31,6 +31,7 @@
 header("Expires: Thursday, 10-Jan-69 00:00:00 GMT");
 header("Cache-Control: no-store, no-cache, max-age=0, must-revalidate");
 header("Pragma: no-cache");
+header("Content-Security-Policy: frame-ancestors 'self'");
 
 // Add X-UA-Compatible header for IE
 if(isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false)) {
diff --git a/app/templates/layout/error.php b/app/templates/layout/error.php
index 747ad0331..5c0630f3a 100644
--- a/app/templates/layout/error.php
+++ b/app/templates/layout/error.php
@@ -12,6 +12,8 @@
 * @since 0.10.0
 * @license https://opensource.org/licenses/mit-license.php MIT License
 */
+
+ header("Content-Security-Policy: frame-ancestors 'self'");
 ?>
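Review bot: The `frame-ancestors 'self'` header added in default.php has no fallback for clients that ignore that CSP directive, and the context line directly below it shows this layout still special-cases MSIE user agents, which do not implement `frame-ancestors`. Adding `header("X-Frame-Options: SAMEORIGIN");` beside it would give those browsers the same same-origin framing restriction; the identical line added in error.php needs the same companion. Because the header is emitted from two layout templates, any response that renders neither layout presumably goes out without it, so it is worth confirming whether those paths need the header set centrally. The `if` block at the end of the first hunk continues outside it.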