From 3ee198bc109442881e0f4bb051f9ac688c2f5e1e Mon Sep 17 00:00:00 2001
From: yuri
Date: Sat, 7 Oct 2023 05:41:12 +0200
Subject: [PATCH] Change Content-Security-Policy "frame-ancestors" to "self"

This allows for downloading files as the download button spawns an iframe when clicking it.
---
 .../public-web-static/virtualHosts/element.hamburg.ccc.de.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix b/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix
index d506939..5af4ab9 100644
--- a/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix
+++ b/config/hosts/public-web-static/virtualHosts/element.hamburg.ccc.de.nix
@@ -11,7 +11,7 @@ let
 add_header X-Frame-Options SAMEORIGIN;
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
- add_header Content-Security-Policy "frame-ancestors 'none'";
+ add_header Content-Security-Policy "frame-ancestors 'self'";
 add_header Strict-Transport-Security "max-age=63072000" always;
 '';
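Review bot: The changed `add_header Content-Security-Policy` line still lacks the `always` parameter that the Strict-Transport-Security line below it carries, so nginx omits the framing policy from responses with error status codes; consider `add_header Content-Security-Policy "frame-ancestors 'self'" always;`, and the same for the X-Frame-Options line above. Relaxing 'none' to 'self' brings the CSP in line with the existing `X-Frame-Options SAMEORIGIN`, which looks intended. The reason for the relaxation is recorded only in the commit message, so an nginx comment above the line such as `# 'self' (not 'none'): the download button loads a same-origin iframe` would keep a later hardening pass from reverting it. The enclosing `let` binding and the string both start outside the hunk, so whether a location-level `add_header` elsewhere replaces these headers cannot be checked from here.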