Add "Content-Security-Policy: frame-ancestors 'self'" to view headers (CO-2705) #65

Open
wants to merge 1 commit into
base: hotfix-1.2.x
1 change: 1 addition & 0 deletions app/templates/layout/default.php
Expand Up @@ -31,6 +31,7 @@
header("Expires: Thursday, 10-Jan-69 00:00:00 GMT");
header("Cache-Control: no-store, no-cache, max-age=0, must-revalidate");
header("Pragma: no-cache");
header("Content-Security-Policy: frame-ancestors 'self'");

// Add X-UA-Compatible header for IE
if(isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false)) {
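Review bot: frame-ancestors is not honoured by Internet Explorer, and the context lines right below the new header show that this layout still caters to MSIE user agents, so those clients get no framing protection from this change. Consider sending header("X-Frame-Options: SAMEORIGIN"); next to the new Content-Security-Policy header so that browsers without frame-ancestors support are covered too. The policy value is also hard-coded; if any deployment legitimately embeds these views from another origin, the allowed ancestors should come from configuration rather than from the template.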
2 changes: 2 additions & 0 deletions app/templates/layout/error.php
Expand Up @@ -12,6 +12,8 @@
* @since 0.10.0
* @license https://opensource.org/licenses/mit-license.php MIT License
*/

header("Content-Security-Policy: frame-ancestors 'self'");
?>
<!DOCTYPE html>
<html>
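Review bot: the line header("Content-Security-Policy: frame-ancestors 'self'"); is now duplicated between this template and app/templates/layout/default.php, so a later change to one copy can silently leave the other behind. Consider moving the policy into a shared helper or constant that both layouts call. Because this is the error layout, it may be rendered after output has already started, in which case header() only raises a warning and the policy is never sent; a headers_sent() check before the call would make that case explicit.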