Merge pull request #2087 from nextcloud/fix/embeded-csp
Allow embedding in the CSP
This commit is contained in:
commit
6a94f1c396
|
@ -23,6 +23,7 @@ declare(strict_types=1);
|
|||
namespace OCA\Calendar\Controller;
|
||||
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http\ContentSecurityPolicy;
|
||||
use OCP\AppFramework\Http\TemplateResponse;
|
||||
use OCP\IConfig;
|
||||
use OCP\IInitialStateService;
|
||||
|
@ -97,6 +98,10 @@ class PublicViewController extends Controller {
|
|||
$response = $this->publicIndex($token, 'base');
|
||||
$response->addHeader('X-Frame-Options', 'ALLOW');
|
||||
|
||||
$csp = new ContentSecurityPolicy();
|
||||
$csp->addAllowedFrameAncestorDomain('*');
|
||||
$response->setContentSecurityPolicy($csp);
|
||||
|
||||
return $response;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue