Media CSP: omit script-src and add frame-ancestors

See comments for details:

https://github.com/splitbrain/dokuwiki/pull/3310#discussion_r506909727
https://github.com/splitbrain/dokuwiki/pull/3310#discussion_r506913304
This commit is contained in:
Andreas Gohr 2020-11-19 15:17:42 +01:00
parent 6cda96e3cf
commit 01648efd47
1 changed files with 1 additions and 1 deletions

View File

@ -58,11 +58,11 @@ if (defined('SIMPLE_TEST')) {
'csp' => [
'sandbox' => '',
'default-src' => "'none'",
'script-src' => "'none'",
'style-src' => "'unsafe-inline'",
'media-src' => "'self'",
'object-src' => "'self'",
'form-action' => "'none'",
'frame-ancestors' => "'self'",
],
);