Change Content-Security-Policy "frame-ancestors" to "self"

This allows for downloading files as the download button
spawns an iframe when clicking it.
This commit is contained in:
yuri 2023-10-07 05:41:12 +02:00 committed by Jannes Grzebien
parent c3a9e56437
commit 3ee198bc10

View file

@ -11,7 +11,7 @@ let
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "frame-ancestors 'none'";
add_header Content-Security-Policy "frame-ancestors 'self'";
add_header Strict-Transport-Security "max-age=63072000" always;
'';