From 22c1cf6f19df309a460ff22fdbb85aea0aa338ea Mon Sep 17 00:00:00 2001
From: Arlen Johnson
Date: Thu, 15 Feb 2024 14:30:39 -0500
Subject: [PATCH] Add "Content-Security-Policy: frame-ancestors 'self'" to view headers (CO-2705)
---
 app/templates/layout/default.php | 1 +
 app/templates/layout/error.php | 1 +
 app/templates/layout/iframe.php | 1 +
 3 files changed, 3 insertions(+)
diff --git a/app/templates/layout/default.php b/app/templates/layout/default.php
index 2745b09b5..b0826777b 100644
--- a/app/templates/layout/default.php
+++ b/app/templates/layout/default.php
@@ -31,6 +31,7 @@
 header("Expires: Thursday, 10-Jan-69 00:00:00 GMT");
 header("Cache-Control: no-store, no-cache, max-age=0, must-revalidate");
 header("Pragma: no-cache");
+header("Content-Security-Policy: frame-ancestors 'self'");
 // Add X-UA-Compatible header for IE
 if(isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false)) {
diff --git a/app/templates/layout/error.php b/app/templates/layout/error.php
index d67e68fb1..9aadeae3a 100644
--- a/app/templates/layout/error.php
+++ b/app/templates/layout/error.php
@@ -31,6 +31,7 @@
 header("Expires: Thursday, 10-Jan-69 00:00:00 GMT");
 header("Cache-Control: no-store, no-cache, max-age=0, must-revalidate");
 header("Pragma: no-cache");
+header("Content-Security-Policy: frame-ancestors 'self'");
 // Add X-UA-Compatible header for IE
 if(isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false)) {
diff --git a/app/templates/layout/iframe.php b/app/templates/layout/iframe.php
index 6010ae512..928ae13f9 100644
--- a/app/templates/layout/iframe.php
+++ b/app/templates/layout/iframe.php
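Review bot: The new `frame-ancestors 'self'` line in default.php is sent without an `X-Frame-Options` fallback, so clients that do not implement CSP Level 2 — including the IE versions this same block goes on to special-case with X-UA-Compatible — remain frameable; the identical hunks in error.php and iframe.php have the same gap. Adding `header("X-Frame-Options: SAMEORIGIN");` directly after the new line gives equivalent protection on those clients, and browsers that understand both honour the CSP directive. Because `header()` replaces any earlier header of the same name by default, verify that no other Content-Security-Policy is emitted earlier in the request, or pass `false` as the second argument so the policies are combined rather than the earlier one overwritten. For the iframe layout in particular, confirm it is only ever embedded by same-origin pages, since 'self' will block any cross-origin embedding that template was built for. Emitting the policy from one shared helper instead of three templates would keep the copies from drifting apart.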
@@ -31,6 +31,7 @@
 header("Expires: Thursday, 10-Jan-69 00:00:00 GMT");
 header("Cache-Control: no-store, no-cache, max-age=0, must-revalidate");
 header("Pragma: no-cache");
+header("Content-Security-Policy: frame-ancestors 'self'");
 // Add X-UA-Compatible header for IE
 if(isset($_SERVER['HTTP_USER_AGENT']) && (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false)) {