Media CSP: omit script-src and add frame-ancestors
See comments for details: https://github.com/splitbrain/dokuwiki/pull/3310#discussion_r506909727 https://github.com/splitbrain/dokuwiki/pull/3310#discussion_r506913304
This commit is contained in:
parent
6cda96e3cf
commit
01648efd47
|
@ -58,11 +58,11 @@ if (defined('SIMPLE_TEST')) {
|
|||
'csp' => [
|
||||
'sandbox' => '',
|
||||
'default-src' => "'none'",
|
||||
'script-src' => "'none'",
|
||||
'style-src' => "'unsafe-inline'",
|
||||
'media-src' => "'self'",
|
||||
'object-src' => "'self'",
|
||||
'form-action' => "'none'",
|
||||
'frame-ancestors' => "'self'",
|
||||
],
|
||||
);
|
||||
|
||||
|
|
Loading…
Reference in New Issue