From bf8e9e950baae6f173203dc9bf71e15c0ed60a6c Mon Sep 17 00:00:00 2001
From: Scott Koranda
Date: Fri, 29 Sep 2023 05:45:02 -0500
Subject: [PATCH] container add CSP headers to Apache config (CO-2705)
---
 container/match/base/comanage_utils.sh | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/container/match/base/comanage_utils.sh b/container/match/base/comanage_utils.sh
index 4f4e75532..6252e75c4 100644
--- a/container/match/base/comanage_utils.sh
+++ b/container/match/base/comanage_utils.sh
@@ -978,6 +978,9 @@ function comanage_utils::virtual_host_http_opening() {
 ServerName ${COMANAGE_MATCH_VIRTUAL_HOST_SCHEME:-http}://${COMANAGE_MATCH_VIRTUAL_HOST_FQDN}:${COMANAGE_MATCH_VIRTUAL_HOST_PORT:-80}
 UseCanonicalName On
+
+Header set Content-Security-Policy "frame-ancestors 'self';"
+
 EOF
 }
@@ -1004,6 +1007,7 @@ ServerName ${COMANAGE_MATCH_VIRTUAL_HOST_SCHEME:-https}://${COMANAGE_MATCH_VIRTU
 UseCanonicalName On
 Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
+Header set Content-Security-Policy "frame-ancestors 'self';"
 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
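Review bot: Both added directives use `Header set` without the `always` condition, so mod_headers attaches the policy only to successful responses; Apache-generated error pages and other non-2xx responses would most likely be served without `frame-ancestors` and stay frameable. The HSTS line directly above the addition in the HTTPS virtual host (second hunk, at -1004) already uses `Header always set`, so the CSP line there and in the HTTP opening (first hunk, at -978) should match it: `Header always set Content-Security-Policy "frame-ancestors 'self';"`. Separately, `set` replaces any Content-Security-Policy value already present in the same header table, so if the application ever emits its own policy it is worth confirming how the two interact. The heredocs and their enclosing functions start outside both hunks, so this is based only on the visible directives.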