Change Content-Security-Policy "frame-ancestors" to "self"

This allows for downloading files as the download button spawns an iframe when clicking it.
2023-10-07 05:41:12 +02:00 · 2023-10-07 05:41:12 +02:00 · 3ee198bc10
parent c3a9e56437
commit 3ee198bc10
1 changed files with 1 additions and 1 deletions
--- a/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix
+++ b/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix
@ -11,7 +11,7 @@ let
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
-    add_header Content-Security-Policy "frame-ancestors 'none'";
+    add_header Content-Security-Policy "frame-ancestors 'self'";

    add_header Strict-Transport-Security "max-age=63072000" always;
  '';